<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-virtualization.git/recipes-core, branch master</title>
<subtitle>Mirror of git.yoctoproject.org/meta-virtualization</subtitle>
<id>https://git.enea.com/cgit/linux/meta-virtualization.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-virtualization.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/'/>
<updated>2026-06-15T14:12:38+00:00</updated>
<entry>
<title>packagegroup-lxc: pull in networking and templates explicitly</title>
<updated>2026-06-15T14:12:38+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-06-15T14:12:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=263a45c610b622ac9b0aab2e715549b270ea6f6e'/>
<id>urn:sha1:263a45c610b622ac9b0aab2e715549b270ea6f6e</id>
<content type='text'>
packagegroup-lxc is documented as the "ready-to-use LXC" group but
its RDEPENDS only listed the lxc package itself, not the networking
or templates sub-packages required for a functional LXC. With the
matching change to the lxc recipe (RRECOMMENDS adding both sub-packages
to anyone installing lxc), this packagegroup would now pick them up
transitively — but listing them in RDEPENDS here keeps the packagegroup
honest as a self-contained specification of what it provides, and
guards against future BAD_RECOMMENDATIONS in a downstream distro
silently turning packagegroup-lxc back into "just the binaries."

This is the path container-image-host takes when VIRTUAL-RUNTIME_container_engine
is set to "lxc", so it's also the path the just-added container-host-lxc
profile fragment exercises.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>netavark: add nftables as runtime dependency</title>
<updated>2026-06-12T02:58:55+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-06-04T17:32:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=450c95d8f8be483038b29a61b0ed3acacaa5c27a'/>
<id>urn:sha1:450c95d8f8be483038b29a61b0ed3acacaa5c27a</id>
<content type='text'>
Netavark dropped iptables support and now uses nft directly for all
firewall rules (masquerade, DNAT, connection tracking). Without
nftables installed, netavark fails at runtime with "unable to execute
nft: No such file or directory", preventing any podman container from
starting with network access.

Add nftables to netavark's RDEPENDS since it is an unconditional
runtime requirement, and to packagegroup-netavark for independent
packagegroup usage.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>systemd: add openssl PACKAGECONFIG for virtualization distro feature</title>
<updated>2026-04-21T13:11:11+00:00</updated>
<author>
<name>Zhixiong Chi</name>
<email>zhixiong.chi@windriver.com</email>
</author>
<published>2026-04-21T07:46:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=6218ce020d388cf05a95b6427cda1e93d8438929'/>
<id>urn:sha1:6218ce020d388cf05a95b6427cda1e93d8438929</id>
<content type='text'>
Since libvirt was upgraded to v12.1.0, the new systemd service file
virt-secret-init-encryption.service has been introduced, and it requires
systemd to add openssl to PACKAGECONFIG. Because systemd-creds encrypt
command will be executed in the service file, which depends on openssl
is enabled.

Meanwhile this service was added into the dependency chain of the main service
libvirtd.service, and will be enabled by default by libvirtd service without
any build dependency detection according to the original upstream commit
https://github.com/libvirt/libvirt/commit/97758bc9a0b1fccf8c0009308658f1204b113b89

In systemd oe-core recipe, the openssl PACKAGECONFIG is disabled at default.
Finally the service file virt-secret-init-encryption.service and libvirtd will
be failed as the following error:
&gt; # systemctl status libvirtd -l
 * libvirtd.service - libvirt legacy monolithic daemon
     Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; preset: enabled)
     Active: inactive (dead)
 TriggeredBy: * libvirtd.socket
              * libvirtd-ro.socket
              * libvirtd-admin.socket
       Docs: man:libvirtd(8)
             https://libvirt.org/

 systemd[1]: Dependency failed for libvirt legacy monolithic daemon.
 systemd[1]: libvirtd.service: Job libvirtd.service/start failed with result 'dependency'

&gt; # journalctl -xe

   A start job for unit virt-secret-init-encryption.service has begun execution.

 systemd-creds[1251]: Support for encrypted credentials not available.
 systemd[1]: virt-secret-init-encryption.service: Main process exited, code=exited, status=1/FAILURE

The above error info "Support for encrypted credentials not available." comes
from systemd-creds command provided by systemd without HAVE_OPENSSL option at
the source code src/shared/creds-utils.c

Here we enable openssl for systemd when 'virtualization' is in distro feature.

Signed-off-by: Zhixiong Chi &lt;zhixiong.chi@windriver.com&gt;
Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>k3s: add multi-node cluster support with role-based boot</title>
<updated>2026-04-07T16:05:39+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-04-07T16:05:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=d138800d7925a007fc61366bb20a3c90412a45c6'/>
<id>urn:sha1:d138800d7925a007fc61366bb20a3c90412a45c6</id>
<content type='text'>
Add infrastructure for booting the same container-image-host image
as either a k3s server or agent, controlled via kernel cmdline
parameters (k3s.role=server|agent).

k3s-role-setup.service / k3s-role-setup.sh:
- Reads k3s.role, k3s.server, k3s.token, k3s.node-name, k3s.node-ip,
  k3s.iface from kernel cmdline
- Configures cluster network interface IP via networkd drop-in
- For agent role: masks k3s.service, writes agent environment file,
  starts k3s-agent.service
- For server role: masks k3s-agent.service (default)

10-k3s-cluster.network:
- Claims the cluster interface (eth1) via virt_networking bbclass
- Disables DHCP to prevent systemd-networkd from interfering
- Static IP added at boot by role-setup via drop-in

k3s-get-token.sh:
- Helper script to display the server join token
- Waits for token file if k3s is still starting

k3s-agent.service:
- Add EnvironmentFile for /etc/default/k3s-agent (K3S_URL, K3S_TOKEN)
- Add After=k3s-role-setup.service and network-online.target

k3s.service:
- Add After=k3s-role-setup.service

packagegroup-kubernetes.bb:
- k3s-host packagegroup now includes k3s-agent (both roles available)
- Both k3s-host and k3s-node include k3s-net-conf

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>container-dummy-provides: Update to match changes in oe-core</title>
<updated>2026-03-14T15:16:57+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2026-03-14T10:31:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=4162f89853eeeec194530dfbbb2210143ede1ca9'/>
<id>urn:sha1:4162f89853eeeec194530dfbbb2210143ede1ca9</id>
<content type='text'>
OE-Core made changes to the way dummy providers work, update the
container-dummy-provides to match them. It now needs a hint in layer.conf
to make the core components aware of the presence of the dummy recipe.

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>xen: update documentation with vxn/containerd integration and runtime tests</title>
<updated>2026-02-26T01:05:02+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-02-25T04:38:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=506d5af230f0b41809dfe754e84d5611b75c6585'/>
<id>urn:sha1:506d5af230f0b41809dfe754e84d5611b75c6585</id>
<content type='text'>
README-xen.md:
- Add vxn and containerd integration section describing all execution
  paths (containerd, vxn standalone, vdkr/vpdmn, native Docker/Podman)
- Add memory requirements section explaining QB_MEM_VALUE=1024 is
  insufficient for vxn/vctr and documenting qemuparams="-m 4096"
- Add runtime tests section with build prerequisites, test commands,
  and skip behavior
- Fix x86-64 runqemu command to include qemuparams="-m 4096"

vxn/README.md:
- Add testing section referencing the pytest runtime test suite

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>vxn: add host-side OCI image cache and fix Docker iptables conflict</title>
<updated>2026-02-26T01:05:01+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-02-19T16:08:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=c734621380aed127ee515839aeeb8126f2dcf9ad'/>
<id>urn:sha1:c734621380aed127ee515839aeeb8126f2dcf9ad</id>
<content type='text'>
Add a host-side OCI image cache at ~/.vxn/images/ for the vdkr/vpdmn
standalone Xen path. Images pulled via skopeo are stored in a
content-addressed layout (refs/ symlinks + store/ OCI dirs) so
subsequent runs hit the cache without network access.

New commands on Xen: pull, images, rmi, tag, inspect, image &lt;subcmd&gt;.
The run path is unchanged — cache integration into hv_prepare_container
is deferred to a follow-up.

Also fix Docker iptables conflict: when docker-moby and vxn-docker-config
coexist on Dom0, Docker's default FORWARD DROP policy blocks DHCP for
Xen DomU vifs on xenbr0. Adding "iptables": false to daemon.json
prevents Docker from modifying iptables since VM-based containers
manage their own network stack.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>vxn: add Docker/Podman integration and CLI frontends</title>
<updated>2026-02-26T01:05:01+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-02-19T01:53:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=035e0daebeb53880ea2a6bd0f0e31785f3ec9e55'/>
<id>urn:sha1:035e0daebeb53880ea2a6bd0f0e31785f3ec9e55</id>
<content type='text'>
Add vdkr/vpdmn as Dom0 target packages with Xen auto-detection,
native Docker/Podman config sub-packages, and OCI runtime fixes
for Docker compatibility (JSON logging, root.path, kill --all,
monitor PID lifecycle).

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>runx, go-build: mark as deprecated in favor of vxn</title>
<updated>2026-02-26T01:05:01+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-02-19T19:14:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=ba23ccd3390b7fbebfed641ebfcd978a0ba406dd'/>
<id>urn:sha1:ba23ccd3390b7fbebfed641ebfcd978a0ba406dd</id>
<content type='text'>
Update SUMMARY and DESCRIPTION to note that runx is unmaintained
(upstream dormant since 2022) and that vxn provides the same Xen DomU
container functionality with pluggable hypervisor backends. go-build
is the serial FD handler companion to runx and is similarly superseded.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>vxn: add containerd OCI runtime integration</title>
<updated>2026-02-26T01:05:01+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-02-18T14:07:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=9377aede3157a3e7b702dc389c15f27523b673e7'/>
<id>urn:sha1:9377aede3157a3e7b702dc389c15f27523b673e7</id>
<content type='text'>
Add shell-based OCI runtime (vxn-oci-runtime) that enables containerd
to manage Xen DomU containers through the standard runc shim. Non-terminal
container output flows back to ctr via the shim's pipe mechanism.

New files:
- vxn-oci-runtime: OCI runtime (create/start/state/kill/delete/features/logs)
- vxn-sendtty.c: SCM_RIGHTS helper for terminal mode PTY passing
- containerd-shim-vxn-v2: PATH trick wrapper for runc shim coexistence
- containerd-config-vxn.toml: CRI config (vxn default, runc fallback)
- vctr: convenience wrapper injecting --runtime io.containerd.vxn.v2

Key design:
- Monitor subprocess uses wait on xl console (not sleep-polling) for
  instant reaction when domain dies, then extracts output markers and
  writes to stdout (shim pipe -&gt; containerd FIFO -&gt; ctr client)
- cmd_state checks monitor PID liveness (not domain status) to prevent
  premature cleanup race that killed monitor before output
- cmd_delete always destroys remnant domains (no --force needed)
- Coexists with runc: /usr/libexec/vxn/shim/runc symlink + PATH trick

Verified: vctr run --rm, vctr run -d, vxn standalone, vxn daemon mode.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
</feed>
