Commit message | Author | Age | Files | Lines
* vcontainer-tarball: add CI-safe environment script for autobuilder (master-next) | Bruce Ashfield | 14 days | 1 | -2/+27
  The existing environment-setup-* script uses BASH_SOURCE to derive VCONTAINER_DIR, which is empty when parsed by yocto-autobuilder-helper's enable_tools_tarball() since it doesn't evaluate shell expressions.

  Generate a separate environment-setup-ci with flat export lines using baked-in absolute paths from ${SDKPATH}/${SDKPATHNATIVE}. The AB parser picks these up directly. SDK relocation rewrites the paths at install time. The interactive bash script is unchanged.

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* oe-go-mod-fetcher: add license scanning for Go module dependencies | Bruce Ashfield | 14 days | 4 | -4/+1304
  Add --scan-licenses to oe-go-mod-fetcher.py which scans Go module zips for license files and generates go-mod-licenses.inc with LICENSE and LIC_FILES_CHKSUM entries matching OE-core's go-mod-update-modules format.

  License detection uses OE-core's glob patterns and MD5 + crunched MD5 matching against known SPDX licenses. The hash database resolves from:
  1. --common-license-dir (explicit path)
  2. Auto-detected poky tree common-licenses
  3. Bundled scripts/data/license-hashes.csv (offline fallback)

  New files:
  - scripts/generate-license-hashes.py: regenerate bundled CSV
  - scripts/data/license-hashes.csv: pre-computed hash DB (704 entries)

  bbclass changes:
  - go-mod-discovery: pass --scan-licenses during do_generate_modules
  - GO_MOD_DISCOVERY_SKIP_LICENSES variable to bypass scanning
  - do_update_license_hashes task to refresh bundled CSV

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* cosign: switch to go-mod-vcs generated license scanning | Bruce Ashfield | 14 days | 3 | -276/+1047
  Replace the go-mod-update-modules generated cosign-licenses.inc with go-mod-licenses.inc produced by oe-go-mod-fetcher --scan-licenses. The new file is generated during discover_and_generate alongside the other .inc files.

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* cosign: convert to go-mod-vcs hybrid fetch | Bruce Ashfield | 14 days | 7 | -268/+3081
  Convert from go-mod + go-mod-update-modules to go-mod-vcs hybrid fetch mode, consistent with other Go recipes in the layer (k3s, nerdctl, docker-compose, etc.).

  - Replace cosign-go-mods.inc (gomod:// only) with generated go-mod-hybrid-{gomod,git,cache}.inc and go-mod-{git,cache}.inc
  - Keep cosign-licenses.inc for dependency license tracking (our go-mod-vcs tooling does not yet generate license metadata)
  - Add GO_MOD_VCS_EXCLUDE for buf.build (no git repo) and software.sslmate.com/src/go-pkcs12 (unreachable commit)
  - Set GO_MOD_DISCOVERY_SRCDIR to match go.bbclass source layout

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* oe-go-mod-fetcher: improve error messages with recipe-ready fix snippets | Bruce Ashfield | 14 days | 1 | -6/+24
  When the fetcher encounters unverifiable commits or modules with no repository metadata, the error messages now show two equivalent options:

  Option 1: For bitbake users (most common) — add GO_MOD_VCS_EXCLUDE and a gomod:// SRC_URI entry to the recipe, fetching the module via the Go module proxy instead of git.

  Option 2: For direct oe-go-mod-fetcher.py invocation — pass --inject-commit / --set-repo on the command line with a complete example showing all required arguments.

  Both options produce the same result. The previous messages only suggested --inject-commit and --set-repo without context on where or how to use them.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cosign: add recipe for container signing tool v3.0.6 | Tim Orling | 14 days | 3 | -0/+554
  Add cosign [1] recipe for sigstore's [2] container signing, verification and storage tool [3].

  Includes auto-generated Go module dependencies and license tracking via go-mod-update-modules.

  [1] https://github.com/sigstore/cosign/releases/tag/v3.0.6
  [2] https://www.sigstore.dev/
  [3] https://docs.sigstore.dev/cosign/signing/overview/

  Signed-off-by: Tim Orling <tim.orling@konsulko.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer-initramfs-create: fix kernel deploy dependency via do_build | Bruce Ashfield | 14 days | 1 | -11/+10
  On sstate-accelerated builds, the kernel binary (bzImage/Image) was missing from MC_DEPLOY because do_compile depended on the image recipes' do_image_complete, which runs before do_build. The kernel deploy dependency (virtual/kernel:do_deploy) is attached to do_build in image.bbclass, so depending on do_image_complete cut the chain short and virtual/kernel:do_deploy was never guaranteed to have run.

  Fix by depending on do_build instead of do_image_complete. The image artifacts (cpio.gz, squashfs) are already in DEPLOY_DIR_IMAGE after do_image_complete, so they remain available. do_build additionally ensures virtual/kernel:do_deploy has completed, placing the kernel in MC_DEPLOY for our do_compile to copy.

  This avoids adding an explicit virtual/kernel:do_deploy dependency which would couple this recipe to the kernel and prevent use cases where the kernel is provided externally.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* test_vdkr_registry: fix test_image_requires_subcommand | Tim Orling | 14 days | 1 | -1/+5
  vdkr.run() merges stderr into stdout (see conftest.py), so the error message ends up in result.stdout even though the script writes it to stderr (>&2).

  Signed-off-by: Tim Orling <tim.orling@konsulko.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc: delete extraneous PACKAGECONFIG[systemd] line | Gavvala, Kris | 14 days | 1 | -1/+0
  The PACKAGECONFIG[systemd] variable is assigned twice, with the second assignment overriding the first. This patch removes the unused assignment to avoid confusion.

  The duplication was introduced in an August 25, 2022 patch:
  05f316f7 lxc: update to 5.x and meson

  Verified that the build did not change after this deletion by checking the log files before and after and finding the same message:
  export systemd_system_unitdir="/usr/lib/systemd/system"
  export systemd_unitdir="/usr/lib/systemd"
  export systemd_user_unitdir="/usr/lib/systemd/user"

  Signed-off-by: Kris Gavvala <kris.gavvala@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* libvirt: remove obsolete depends to avahi | Louis Rannou | 14 days | 1 | -1/+1
  libvirt has removed support for avahi in version 5.5.0 in 2019:

    * Remove Avahi mDNS support
      This feature was never used outside of virt-manager, which has itself stopped using it a while ago.

  Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
  Signed-off-by: Louis Rannou <louis.rannou@semalibre.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: update version to match golangs version.go | Bruce Ashfield | 14 days | 1 | -1/+1
  The update cycle used the git tags to update the PV version, but when you build podman, the version pulled into the executables is from:

    version/rawversion/version.go

  Which currently reports: 5.8.3-dev

  Bumping the PV to match.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* ca-certificates: remove conditional SRC_URI entries | Bruce Ashfield | 14 days | 1 | -4/+3
  The entire file is conditional, we don't need protections on the SRC_URI entries.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* distro/vruntime: remove now unnecessary DISTRO_FEATURES_DEFAULT | Tim Orling | 14 days | 1 | -2/+2
  DISTRO_FEATURES_DEFAULT has been obsoleted [1][2]. Follow the pattern in meta-yocto [3] and remove it.

  Fixes:
  ERROR: Nothing PROVIDES 'nativesdk-libseccomp' ...

  [1] https://git.openembedded.org/openembedded-core/commit/meta/conf?id=0548ea447445834647be7ef35ed0ae8d1d3387b3
  [2] https://git.openembedded.org/openembedded-core/commit/meta/conf?id=159148f4de2595556fef6e8678578df83383857b
  [3] https://git.yoctoproject.org/meta-yocto/commit/?id=96085aaec5bfb33c4e4322465eaf0af370db6fc0

  Signed-off-by: Tim Orling <tim.orling@konsulko.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* ca-certificates: Ensure changes only apply with the selected DISTRO_FEATURES | Richard Purdie | 14 days | 2 | -38/+39
  This fixes yocto-check-layer failures:

  ca-certificates:do_recipe_qa: 4d7b7adb7436eeb5714c354f3c590e7e69294ea044452343d24e64c92d5c040f -> c1676ce811efe714731b666ccd683586477f7a1b52ad7597148bd9d709291220
  List of dependencies for variable SRC_URI changed from 'frozenset({'PV', 'SRC_URI[sha256sum]', 'BPN'})' to 'frozenset({'SRC_URI[le-r11.sha256sum]', 'BPN', 'SRC_URI[le-e8.sha256sum]', 'PV', 'SRC_URI[sha256sum]'})'
  Variable SRC_URI value changed:
  @@ -1 +1,2 @@ -${DEBIAN_MIRROR}/main/c/ca-certificates/${BPN}_${PV}.tar.xz file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch +${DEBIAN_MIRROR}/main/c/ca-certificates/${BPN}_${PV}.tar.xz file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch ${@bb.utils.contains('DISTRO_FEATURES', 'virtualization', 'https://letsencrypt.org/certs/2024/e8.pem;name=le-e8;unpack=0 https://letsencrypt.org/certs/2024/r11.pem;name=le-r11;unpack=0', '', d)} +DISTRO_FEATURES{virtualization} = Unset

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* layer.conf/qemu-system-native: Improve native DISTRO_FEATURE handling | Richard Purdie | 14 days | 2 | -4/+4
  OE-Core needs to make some improvements to the way DISTRO_FEATURES is being built but this will break the way meta-virtualization is handling native propagation.

  Use DISTRO_FEATURES_FILTER_NATIVE which is designed for this. That then means updating the bbappend just to look at DISTRO_FEATURES and to look for both possible values.

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: update SRC_URI | Patrick Vogelaar | 2026-04-24 | 1 | -2/+2
  Podman is hosted under github as podman and not libpod. Accessing github.com/containers/libpod automatically forwards to github.com/containers/podman.

  This commit does not really fix a problem but reflects more the current repository name.

  Signed-off-by: Patrick Vogelaar <patrick.vogelaar@belden.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: update to v5.8.2 | Bruce Ashfield | 2026-04-24 | 1 | -2/+2
  Bumping libpod to version v5.8.2-5-g88c5aaeec6, which comprises the following commits:

    78da75528f Install WiX v5.0.2 to build the Windows installer
    7a47175665 Bump Podman to v5.8.3-dev
    5b263b5f5b Bump to v5.8.2
    884cd28228 Release notes for v5.8.2
    6cffe93d88 hyperV: fix powershell path escape
    f13de01b6d cirrus: bump linux machine aarch64 test timeout
    d1cf366b0f Remove iptables references in upgrade tests
    add385e31c bindings: artifact extract reject invalid names
    a49ad4be81 use chrootarchive over plain archive package
    92cd24903f fix symlink handling in checkpoint restore
    0fa3043415 add missing O_CLOEXEC to open calls
    9c262736e4 Fix Quadlet `Lookup()` stripping unmatched quotes
    75820ddac5 Add e2e test for shell driver DriverOpts cross-contamination fix
    e9fe245626 Fix shell driver DriverOpts cross-contamination in secret creation
    7250b06e25 libpod: fix data race on deferredErr in attachExecHTTP
    51b5c59310 Consolidate build secret tests and assert no podman-build-secret leak
    15a2a7d605 Remote build: `nTar` secrets with relative paths and ignore bypass
    e5fe3fdf69 api: fix missing return after error in SystemCheck handler
    c91cd99291 test: relax rootless runc pid namespace assertion
    26047f43b5 New images 2026-03-19
    d49a9208bd cirrus: ensure NOTIFY_SOCKET is properly unset for all tests
    1a9ae9dcba update fedoral base image to 43 and related tests
    759df25a88 new image sfx for debian 14
    28a39dd1ba libpod: Don't dereference ctrSpec.Linux if it is nil
    7f37fbd6af quadlet: allow empty Entrypoint to clear image default
    24fd9eb605 [v5.8] Bump Buildah to 1.43.1, c/common v0.67.1, c/image v5.39.2
    42ac589e4d bump go-jose/go-jose to v4.1.4
    fcc6ae217c [v5.8] Fix `unless-stopped` containers not restarting after ...
    6a9ea849a0 Bump Podman to v5.8.2-dev
    c6077f6457 Bump to v5.8.1
    dfe5dae2d6 Release notes for v5.8.1

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* tests: fix FD inheritance in test harness for all vdkr/vpdmn commands | Bruce Ashfield | 2026-04-22 | 3 | -17/+38
  Change VdkrRunner.run() and VpdmnRunner.run() to use Popen with start_new_session=True, stdin=DEVNULL, and file-based stdout instead of subprocess.run(capture_output=True). This prevents daemon background processes from inheriting pipe FDs, which causes communicate() to hang in CI/test harness environments (e.g., buildbot).

  The fix applies to all commands, not just memres start, because any vdkr command can auto-start the daemon (auto-daemon is enabled by default).

  Also fix test_volume_mount_requires_memres to check both stdout and stderr for the error message, since stderr is now merged into stdout by the Popen approach.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: detach background-process stdio from memres start caller | Bruce Ashfield | 2026-04-22 | 3 | -7/+35
  The memres start operation spawns long-running background processes (host-side idle watchdog and Xen domain monitor) that persist beyond the vrunner.sh script. These processes inherited file descriptors 0/1/2 from the parent shell without redirection.

  When invoked through a harness capturing output via pipes—such as pytest's subprocess.run(..., capture_output=True)—the inherited pipe write-ends kept the caller's read/communicate() operations blocked until memres stop executed, potentially for up to 30 minutes (IDLE_TIMEOUT default).

  The fix fully detaches stdio from three background spawners:
  - vrunner.sh: Watchdog subshell now redirects stdin from /dev/null, stdout/stderr to /dev/null, and uses disown
  - vrunner-backend-qemu.sh: Adds stdin redirection from /dev/null to existing log file redirections
  - vrunner-backend-xen.sh: Applies same detachment plus disown for daemon mode; redirects stdin for ephemeral-mode console reader

  From: Tim Orling <tim.orling@konsulko.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* tests: fix memres start hanging in subprocess.run | Bruce Ashfield | 2026-04-22 | 1 | -2/+58
  memres start spawns background processes (QEMU VM, idle watchdog) that persist after the vrunner script exits. When invoked via subprocess.run(capture_output=True), these background processes inherit the pipe file descriptors, preventing communicate() from returning until all pipe holders exit — which can be 30+ minutes (the idle timeout).

  Fix by using Popen with:
  - stdin=subprocess.DEVNULL (no inherited stdin pipe)
  - file-based stdout (no pipe FDs to inherit)
  - start_new_session=True (new process group, so wait() only waits for the parent script, not the background children)

  This matches the behavior when running from a shell, where the daemon processes are fully detached from the caller's FD table.

  Applied to both VdkrRunner and VpdmnRunner memres_start methods.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* tests: add @pytest.mark.memres to daemon-dependent tests | Bruce Ashfield | 2026-04-22 | 2 | -0/+16
  Test classes that depend on vmemres (daemon mode) were not marked, causing them to run even when filtered with '-m "not memres"'. This caused timeout failures on CI/buildbot environments where KVM may not be available and daemon startup exceeds the test timeout.

  Mark the following classes with @pytest.mark.memres in both test_vdkr.py and test_vpdmn.py:
  - TestMemresBasic
  - TestPortForwarding (vdkr only)
  - TestContainerLifecycle
  - TestVolumeMounts
  - TestSystem
  - TestVstorage
  - TestRun
  - TestAutoStartDaemon (vdkr only)
  - TestDynamicPortForwarding (vdkr only)
  - TestPortForwardRegistry (vdkr only)

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* go-distribution: Add CVE_PRODUCT to align with NVD CPE | Himanshu Jadon | 2026-04-21 | 1 | -0/+2
  CVE_PRODUCT has been set to docker:registry to align with the NVD CPE product namespace for the distribution/registry codebase.

  Only a single CPE entry exists in the NVD for this product:
  cpe:2.3:a:docker:registry

  This ensures CVEs tracked for docker registry are matched for this recipe.

  Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* systemd: add openssl PACKAGECONFIG for virtualization distro feature | Zhixiong Chi | 2026-04-21 | 2 | -0/+3
  Since libvirt was upgraded to v12.1.0, the new systemd service file virt-secret-init-encryption.service has been introduced, and it requires systemd to add openssl to PACKAGECONFIG, because the systemd-creds encrypt command is executed in the service file, which depends on openssl being enabled.

  Meanwhile this service was added into the dependency chain of the main service libvirtd.service, and will be enabled by default by the libvirtd service without any build dependency detection according to the original upstream commit https://github.com/libvirt/libvirt/commit/97758bc9a0b1fccf8c0009308658f1204b113b89

  In the systemd oe-core recipe, the openssl PACKAGECONFIG is disabled by default. Finally the service file virt-secret-init-encryption.service and libvirtd will fail with the following error:

  > # systemctl status libvirtd -l
  * libvirtd.service - libvirt legacy monolithic daemon
    Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; preset: enabled)
    Active: inactive (dead)
    TriggeredBy: * libvirtd.socket
                 * libvirtd-ro.socket
                 * libvirtd-admin.socket
    Docs: man:libvirtd(8)
          https://libvirt.org/
  systemd[1]: Dependency failed for libvirt legacy monolithic daemon.
  systemd[1]: libvirtd.service: Job libvirtd.service/start failed with result 'dependency'

  > # journalctl -xe
  A start job for unit virt-secret-init-encryption.service has begun execution.
  systemd-creds[1251]: Support for encrypted credentials not available.
  systemd[1]: virt-secret-init-encryption.service: Main process exited, code=exited, status=1/FAILURE

  The above error info "Support for encrypted credentials not available." comes from the systemd-creds command provided by systemd without the HAVE_OPENSSL option at the source code src/shared/creds-utils.c

  Here we enable openssl for systemd when 'virtualization' is in distro feature.

  Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* libvirt: Drop the deprecated workaround | Zhixiong Chi | 2026-04-21 | 1 | -7/+0
  The workaround is not needed anymore as the systemd supporting. The libvirtd.service Type has been changed from notify to notify-reload, so the final Type will be 'forking-reload', that's invalid for systemd.

  Here we delete it to avoid the following output information:
  >/lib/systemd/system/libvirtd.service:29: Failed to parse Type=forking-reload, ignoring: Invalid argument

  Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* criu: Add CVE_PRODUCT to align with NVD CPE | Himanshu Jadon | 2026-04-21 | 1 | -0/+2
  CVE_PRODUCT has been set to criu:checkpoint/restore_in_userspace to align with the product naming used in the NVD CPE database for criu.

  The slash-containing product token is intentional as NVD references this project under checkpoint/restore_in_userspace.

  Only a single CPE entry exists in the NVD for this product:
  cpe:2.3:a:criu:checkpoint/restore_in_userspace

  Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cni: Add CVE_PRODUCT to align with NVD CPE | Himanshu Jadon | 2026-04-21 | 1 | -0/+3
  `CVE_PRODUCT` has been set to `linuxfoundation:container_network_interface linuxfoundation:cni_network_plugins` to align with the product naming defined in the NVD CPE database for `cni`.

  The NVD CPE database contains product variants for this project under:
  `cpe:2.3:a:linuxfoundation:container_network_interface`
  `cpe:2.3:a:linuxfoundation:cni_network_plugins`

  The NVD references for these CPEs confirm that they correspond to the source code used in our recipe.

  Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* netavark: remove nmap from ptest RDEPENDS | Zhang Peng | 2026-04-21 | 1 | -1/+0
  Since upstream commit dbc920030 ("test: add new test program for connection checks"), netavark test suite no longer uses ncat (from nmap). The tests now use a built-in Rust-based connection tester (netavark-connection-tester) instead. This change was included starting from v1.16.0, so the nmap dependency is no longer needed.

  Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cdi: add container-device-interface commandline utility | Koen Kooi | 2026-04-21 | 6 | -0/+194
  From the upstream description:

  The `cdi` command-line tool is a utility for inspecting and interacting with the CDI (Container Device Interface) cache. It allows developers and system administrators to:
  - List CDI Spec files: View all available CDI specification files in the configured directories
  - List vendors: Display registered device vendors in the CDI cache
  - List device classes: Show available device classes from CDI Specs
  - List devices: Enumerate all CDI devices available in the system
  - Validate specs: Verify CDI specification files against the JSON schema
  - Inject devices: Inject CDI device configurations into OCI runtime specifications
  - Monitor cache: Watch for changes in the CDI cache and Spec directories
  - Resolve devices: Resolve fully-qualified device names to their configurations

  The CLI tool is particularly useful for debugging CDI configurations, validating spec files, and testing device assignments before deploying them in production environments.

  Signed-off-by: Koen Kooi <koen.kooi@oss.qualcomm.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* libvirt-dbus: update to v1.4.1-tip | Bruce Ashfield | 2026-04-21 | 1 | -3/+3
  We drop the inline error suppression, since upstream has it in commit c0fffce

  New upstream version installs /usr/lib/sysusers.d/libvirt-dbus.conf for systemd-sysusers user/group creation. Add the directory to FILES to fix installed-vs-shipped QA error.

  Bumping libvirt-dbus to version v1.4.1-46-gd1c49c2, which comprises the following commits:

    d1c49c2 domain: Fix incorrect free of GString variable
    c0fffce build: Do not use -Winline
    f1d2f64 ci: refresh with latest 'lcitool manifest'
    2105c17 Introduce sysusers config file to create libvirtdbus user
    0643cd8 ci: refresh with latest 'lcitool manifest'
    ded4bc8 ci: refresh with latest 'lcitool manifest'
    8f06b76 ci: switch to remote git refs for dependent projects
    2fa70fd ci: refresh with lcitool manifest
    ea96102 spec: use systemd macros to handle services
    d0a5650 spec: use systemd macro to specify path of user unit directory
    c281c50 ci: lcitool: Maintain project package deps lists here
    193248a rpm: convert license to SPDX format
    c8bb8ac meson: bump required libvirt version to 3.1.0
    08f7541 events: Remove extra white spaces at the end of line
    d37813b Remove GetBlockInfo method from Domain Interface
    4a971c4 ci: add Fedora 37 target
    58a9f53 ci: upgrade opensuse leap from 153 to 154
    24e43b4 ci: refresh with latest lcitool manifest
    697ef0b ci: drop unsupported targets
    ef9430e HACKING: Use gitlab as main repository
    4fbd82e ci: refresh with latest lcitool manifest
    8333b9f spec: add systemd-rpm-macros as build dependency
    35173fa ci: add Fedora 36
    3b070a5 ci: refresh generated files
    111fe77 ci: drop unsupported Fedora 34
    95ac644 README: update libvirt dbus bindings link
    23267d4 ci: Add more target platforms
    d62b5b1 ci: Build RPMs on CentOS Stream 8
    5232cb9 ci: Refresh generated files
    6eb24e9 ci: Drop unsupported targets
    d130ab0 ci: Move Coverity job from CentOS 8 to AlmaLinux 8
    2757a47 ci: Add AlmaLinux 8
    053d238 ci: Drop Travis CI support
    3077aa8 Add .gitattributes file
    502c8b5 rpm: Drop conditional needed on RHEL 7
    b685a89 Fix meson run_command with check param
    87b16e9 Implement GetBlockInfo, SetBlockThreshold methods and BlockThreshold signal for Domain Interface
    3d64429 Switch to new GitHub repo-lockdown configuration
    f4d3863 ci: remove obsolete refresh script and documentation
    2b0a513 ci: re-generate containers/gitlab config from manifest
    fa892e3 ci: define a CI manifest file
    b1bd1d2 gitlab: skip tests on ubuntu 18.04
    c7df361 gitlab: remove centos-7 build target
    204d341 meson: Fix systemd services install when --prefix was specified
    6ef9bb9 ci: refresh centos-stream container
    ce6cf93 gitlab: use custom docker:dind image
    0c355bb Release of libvirt-dbus 1.4.1

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* ca-certificates: guard bbappend with virtualization DISTRO_FEATURES | Bruce Ashfield | 2026-04-14 | 1 | -5/+7
  The unconditional bbappend to ca-certificates breaks yocto-check-layer compatibility when the layer is included without 'virtualization' in DISTRO_FEATURES. Guard both the SRC_URI additions and the do_install append with a bb.utils.contains check, matching the pattern used by other bbappends in the layer (busybox, qemu, etc.).

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer-initramfs-create: fix kernel path for multiconfig builds | Bruce Ashfield | 2026-04-14 | 1 | -8/+12
  The kernel was copied from DEPLOY_DIR_IMAGE which resolves to the main build config's deploy directory — not the multiconfig's. On autobuilder setups with sstate, this caused the kernel to be missing from the vdkr blob directory because:

  1. The mcdepends (mc:<mc>::virtual/kernel:do_deploy) depended on the main config's kernel, which may be a different architecture
  2. DEPLOY_DIR_IMAGE pointed to the main deploy dir, not the multiconfig's tmp-vruntime-<arch>/deploy/images/<machine>/

  Fix by using MC_DEPLOY (the multiconfig's deploy directory) for the kernel path, consistent with how initramfs and rootfs are already copied. Remove the cross-multiconfig mcdepends since the kernel is built as a transitive dependency of the rootfs image within the same multiconfig.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cockpit-machines: remove autotools inheritance | Tanguy Raufflet | 2026-04-13 | 1 | -4/+14
  The commit [1] from openembedded-core, removes the possibility to use autotools bbclass when the configure script is missing. Because the cockpit-machines release tarball always ships pre-built assets in dist/, there is no need to use autotools to build the package.

  This commit fixes the following build error:
  ERROR: cockpit-machines-346-r0 do_configure: no configure script found at ./configure

  [1]: autotools: require that a configure script exists SHA: 6d327a39befae44a88a812bdf4acde800dcee57b

  Signed-off-by: Tanguy Raufflet <tanguy.raufflet@savoirfairelinux.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* libvirt-dbus: disable -Werror=inline to fix build error | Tanguy Raufflet | 2026-04-13 | 1 | -0/+2
  The meson.build from libvirt-dbus enables the flag -Winline. Combined with -Werror from Yocto, this causes a build failure because GCC refuses to inline g_autoptr_cleanup_generic_gfree() from the glib header glib-autocleanups.h, as it considers the call unlikely and estimates code size would grow.

  Because the function g_autoptr_cleanup_generic_gfree is defined as static inline with good reason, this patch disables -Werror=inline for libvirt-dbus to allow the build to succeed.

  Signed-off-by: Tanguy Raufflet <tanguy.raufflet@savoirfairelinux.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: fix registry login and TLS certificate chain | Bruce Ashfield | 2026-04-13 | 4 | -3/+94
  vcontainer-common.sh:
  - Fix docker/podman login hanging silently in daemon mode. The login command requires interactive stdin for the password prompt, which the non-interactive daemon-send channel cannot provide. Use daemon-interactive mode (same as vshell/exec -it) which provides TTY passthrough via the virtio-serial + socat + expect channel.

  ca-certificates bbappend:
  - Add Let's Encrypt E8 (ECDSA) and R11 (RSA) intermediate certificates via a ca-certificates bbappend. Certs are fetched at build time from letsencrypt.org and installed into the standard CA certificate path. update-ca-certificates incorporates them into the system CA bundle.
  - Some registries (e.g., registry.yocto.io) don't send the full certificate chain, causing TLS verification to fail with Go programs (Docker, skopeo, podman) even though the root CAs are present.

  vdkr-rootfs-image.bb:
  - Add ca-certificates to IMAGE_INSTALL

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer-tarball: fix PACKAGE_ARCH for SPDX do_create_spdx | Tim Orling | 2026-04-12 | 1 | -1/+10
  PACKAGE_ARCH must be "${SDK_ARCH}-${SDKPKGSUFFIX}" (e.g. x86_64-nativesdk) to match the pattern explicitly listed in SSTATE_ARCHS in meta/classes-global/sstate.bbclass.

  do_create_recipe_spdx writes the static SPDX document under DEPLOY_DIR_SPDX/${SSTATE_PKGARCH}/static/ where SSTATE_PKGARCH = PACKAGE_ARCH. do_create_spdx then calls find_jsonld() which searches only the arch directories listed in SPDX_MULTILIB_SSTATE_ARCHS (derived from SSTATE_ARCHS via all_multilib_tune_values).

  The previous value "${SDK_ARCH}_${SDK_OS}" evaluates to "x86_64_linux" which is NOT listed in SSTATE_ARCHS, so the static document was written to a directory never searched, causing the fatal:

  ERROR: Could not find a static SPDX document named static-vcontainer-tarball

  The correct value "${SDK_ARCH}-${SDKPKGSUFFIX}" evaluates to "x86_64-nativesdk" which IS listed in SSTATE_ARCHS as the literal "${SDK_ARCH}-${SDKPKGSUFFIX}" entry, and matches the pattern used by buildtools-tarball.bb (the reference for host-only SDK tarballs with TARGET_ARCH = "none" / TARGET_OS = "none").

  Signed-off-by: Tim Orling <tim.orling@konsulko.com>
* alpine-xen-guest-bundle: fix boot with init=/bin/sh | Bruce Ashfield | 2026-04-11 | 1 | -1/+4
  Alpine minirootfs is container-oriented and doesn't include openrc. The default /sbin/init is a symlink to /sbin/openrc which doesn't exist, causing a boot loop with:

  can't run '/sbin/openrc': No such file or directory

  Add init=/bin/sh to the guest kernel cmdline so the guest boots to a shell prompt instead of failing to find the init system.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* wic: move files to files/wic | Ricardo Salveti | 2026-04-09 | 5 | -0/+0
  Move local wic files to the new expected location files/wic, needed after the wic migration to a standalone project outside oe-core.

  Signed-off-by: Ricardo Salveti <ricardo.salveti@oss.qualcomm.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* yq: fix do_compile failure caused by CGO_ENABLED="0" | Li Zhou | 2026-04-09 | 1 | -0/+4
  New version of yq needs to set CGO_ENABLED="0" when compiling, and this causes a do_compile failure for 32-bit targets as below:

  -buildmode=pie requires external (cgo) linking, but cgo is not enabled

  Tool go's internal linker doesn't support PIE for Linux 32-bit targets, so -buildmode=pie requires external (cgo) linking on ARM and x86. To fix this conflict with CGO_ENABLED="0", remove "-buildmode=pie" from GOBUILDFLAGS.

  Signed-off-by: Li Zhou <li.zhou@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* incus: restrict to x86-64 and aarch64 | Bruce Ashfield | 2026-04-09 | 1 | -0/+2

  Incus is only tested and supported on x86-64 and aarch64.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* incus: add PACKAGECONFIG for VM support | Bruce Ashfield | 2026-04-09 | 1 | -0/+3

  Enable incus VM management with PACKAGECONFIG[vm], which pulls in qemu, virtiofsd, and ovmf as runtime dependencies.

  Usage:

    PACKAGECONFIG:append:pn-incus = " vm"

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* incus: add runtime test suite | Bruce Ashfield | 2026-04-09 | 2 | -0/+158

  pexpect-based tests covering:
  - Daemon startup via systemd
  - incus-admin group creation
  - incus admin init --minimal
  - Alpine container launch, exec, stop, delete

  Run:

    pytest tests/test_incus_runtime.py -v --machine qemux86-64

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* incus: add container host profile | Bruce Ashfield | 2026-04-09 | 4 | -0/+118

  Add CONTAINER_PROFILE=incus support so incus can be selected as the container engine for container-image-host:

    require conf/distro/include/container-host-incus.conf
    MACHINE = "qemux86-64"
    bitbake container-image-host

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* incus: add recipe for system container and VM manager | Bruce Ashfield | 2026-04-09 | 8 | -0/+2909

  Incus is the community fork of LXD, providing a unified experience for running and managing system containers and virtual machines. Built on LXC 6.0 with cowsql for distributed cluster state. Uses go-mod-discovery with hybrid fetch mode for Go module dependencies.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cowsql: add recipe for distributed SQLite database | Bruce Ashfield | 2026-04-08 | 1 | -0/+27

  Distributed SQLite implementation using the Raft protocol, required by Incus for cluster database storage.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* raft: add recipe for cowsql consensus protocol library | Bruce Ashfield | 2026-04-08 | 1 | -0/+31

  C implementation of the Raft consensus protocol, required by cowsql for distributed SQLite used by Incus.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* tests: update k3s multi-node to use kernel cmdline role setup | Bruce Ashfield | 2026-04-07 | 1 | -53/+31

  Update the multi-node test fixture to use kernel cmdline parameters (k3s.role, k3s.node-ip, k3s.node-name) instead of manual IP configuration and k3s restart. The k3s-role-setup.service handles networking and role switching automatically on boot.

  - Pass kernel_append to K3sRunner for k3s.role and k3s.node-ip
  - Remove manual ip-addr-add and k3s stop/restart from fixture
  - Use k3s-get-token helper to extract join token on server
  - Agent starts k3s agent manually with extracted token (token not known at boot time)
  - Remove _QEMU_ARCH_CONFIG dict (moved to run-qemu-vm.sh script)

  All 10 tests pass: 5 single-node + 5 multi-node.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* tests, k3s: update test suite and README for multi-node | Bruce Ashfield | 2026-04-07 | 2 | -333/+153

  test_k3s_runtime.py:
  - Use run-qemu-vm.sh script for multi-node QEMU launches instead of inline command building (shared infrastructure with manual testing)
  - Resolve script path to absolute for pexpect compatibility
  - Accept >= 1 Ready node in single-node test (persistent rootfs state)

  README.md:
  - Complete rewrite with current build profile workflow
  - Document single-node quick start and multi-node cluster setup
  - Document kernel cmdline parameters for role-based boot
  - Document k3s-get-token helper, packages, and useful commands
  - Add automated testing instructions

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* scripts: add QEMU VM launcher and k3s multi-node helper | Bruce Ashfield | 2026-04-07 | 2 | -0/+357

  run-qemu-vm.sh:
  - Architecture-aware QEMU launcher (x86-64, arm64)
  - Finds native QEMU binary and libraries from build sysroots
  - Supports KVM auto-detection, socket networking, custom rootfs
  - Reusable by both humans and the pytest test suite

  run-k3s-multinode.sh:
  - Launches server or agent VMs for k3s multi-node testing
  - Passes k3s.role, k3s.server, k3s.token, k3s.node-ip, k3s.node-name via kernel cmdline for automatic guest-side configuration
  - Creates rootfs copy for agent VM (can't share ext4 read-write)
  - Prints usage instructions when run without arguments

  Usage:

    Terminal 1: ./scripts/run-k3s-multinode.sh server
    Server VM:  k3s-get-token
    Terminal 2: ./scripts/run-k3s-multinode.sh agent --token <TOKEN>
    Server VM:  kubectl get nodes

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* k3s: add multi-node cluster support with role-based boot | Bruce Ashfield | 2026-04-07 | 8 | -3/+206

  Add infrastructure for booting the same container-image-host image as either a k3s server or agent, controlled via kernel cmdline parameters (k3s.role=server|agent).

  k3s-role-setup.service / k3s-role-setup.sh:
  - Reads k3s.role, k3s.server, k3s.token, k3s.node-name, k3s.node-ip, k3s.iface from kernel cmdline
  - Configures cluster network interface IP via networkd drop-in
  - For agent role: masks k3s.service, writes agent environment file, starts k3s-agent.service
  - For server role: masks k3s-agent.service (default)

  10-k3s-cluster.network:
  - Claims the cluster interface (eth1) via virt_networking bbclass
  - Disables DHCP to prevent systemd-networkd from interfering
  - Static IP added at boot by role-setup via drop-in

  k3s-get-token.sh:
  - Helper script to display the server join token
  - Waits for token file if k3s is still starting

  k3s-agent.service:
  - Add EnvironmentFile for /etc/default/k3s-agent (K3S_URL, K3S_TOKEN)
  - Add After=k3s-role-setup.service and network-online.target

  k3s.service:
  - Add After=k3s-role-setup.service

  packagegroup-kubernetes.bb:
  - k3s-host packagegroup now includes k3s-agent (both roles available)
  - Both k3s-host and k3s-node include k3s-net-conf

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker: fix contrip -> contrib typo | Bruce Ashfield | 2026-04-07 | 1 | -1/+1

  It has been like this for many years now, so clearly not causing an issue, but we might as well fix it.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>