diff options
| author | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-02-09 03:17:37 +0000 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-02-09 03:34:12 +0000 |
| commit | 7297ba3aeba2cef546c9245b2b6ae1139568cf40 (patch) | |
| tree | 44aaa859e1641b057dd39a9c46bf8321db50ca24 /recipes-containers/docker/README.rootless | |
| parent | 52fc4ca7c75594fe8b3c92a9f88df19f8f4d0944 (diff) | |
| download | meta-virtualization-7297ba3aeba2cef546c9245b2b6ae1139568cf40.tar.gz | |
vcontainer: add secure registry support with virtio-9p CA transport
Enable vdkr/vcontainer to pull from TLS-secured registries by
transporting the CA certificate via virtio-9p shared folder.
vcontainer-common.sh: Add --secure-registry, --ca-cert, --registry-user,
--registry-password CLI options. Auto-detect bundled CA cert at
registry/ca.crt in the tarball and enable secure mode automatically.
vrunner.sh: Copy CA cert to the virtio-9p shared folder for both
daemon and non-daemon modes. Fix daemon mode missing _9p=1 kernel
cmdline parameter which prevented the init script from mounting the
shared folder.
vdkr-init.sh: Read CA cert from /mnt/share/ca.crt (virtio-9p) instead
of base64-decoding from kernel cmdline (which caused truncation for
large certificates). Install cert to /etc/docker/certs.d/{host}/ca.crt
for Docker TLS verification. Support optional credential passing for
authenticated registries.
vcontainer-tarball.bb: Add script files to SRC_URI for proper file
tracking and rebuild triggers.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Diffstat (limited to 'recipes-containers/docker/README.rootless')
0 files changed, 0 insertions, 0 deletions