path: root/recipes-containers/container-registry/container-oci-registry-config.bb
# SPDX-FileCopyrightText: Copyright (C) 2025 Bruce Ashfield
#
# SPDX-License-Identifier: MIT
#
# container-oci-registry-config.bb
# ===========================================================================
# Configure custom container registry for OCI runtimes (OPT-IN)
# ===========================================================================
#
# FOR OCI-COMPATIBLE RUNTIMES (use /etc/containers/registries.conf.d/):
#   - Podman
#   - Skopeo
#   - Buildah
#   - CRI-O
#
# NOT FOR DOCKER - Docker uses /etc/docker/daemon.json
#   See: docker-registry-config.bb for Docker configuration
#
# This recipe creates a drop-in configuration file for accessing a custom
# container registry. It is completely OPT-IN and does not modify any
# existing configuration files.
#
# IMPORTANT: This recipe:
#   - Does NOT modify docker-distribution or container-host-config
#   - Does NOT install automatically - user must add to IMAGE_INSTALL
#   - Does NOT clobber public registry access (docker.io, quay.io, etc.)
#   - Uses drop-in files in /etc/containers/registries.conf.d/
#   - Skips entirely if CONTAINER_REGISTRY_URL is not set
#
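# Usage:
#   # In local.conf or image recipe. CONTAINER_REGISTRY_URL and the
#   # IMAGE_INSTALL entry are BOTH required:
#   CONTAINER_REGISTRY_URL = "localhost:5000"
#   # Only for a registry served over HTTP or with an untrusted TLS
#   # certificate (the default is "0"):
#   CONTAINER_REGISTRY_INSECURE = "1"
#   IMAGE_INSTALL:append = " container-oci-registry-config"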
#
# ===========================================================================

# Recipe metadata: short and long descriptions of the package.
SUMMARY = "Configure custom container registry for Podman/Skopeo/Buildah (opt-in)"
DESCRIPTION = "Adds drop-in configuration for Podman, Skopeo, Buildah, and CRI-O. \
NOT for Docker (use docker-registry-config for Docker). \
Does NOT modify existing registries.conf - creates a separate file in \
registries.conf.d/ that is merged at runtime. Public registries remain accessible. \
This recipe is opt-in: requires CONTAINER_REGISTRY_URL to be set. \
Use IMAGE_FEATURES container-registry to auto-select based on container engine."

LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"

# Configuration knobs, set in local.conf or the image recipe.
# Only CONTAINER_REGISTRY_URL is mandatory: the anonymous python function
# below skips the recipe while it is empty.
#
# CONTAINER_REGISTRY_URL
#   Registry location that do_install writes into the drop-in file.
# CONTAINER_REGISTRY_INSECURE
#   "1" makes do_install emit a [[registry]] entry with `insecure = true` for
#   that location (registry uses HTTP or an untrusted TLS certificate).
#   The default "0" writes no such entry, so leave it at "0" unless the
#   registry really cannot present a trusted certificate.
# CONTAINER_REGISTRY_SEARCH_FIRST
#   "1" (the default) makes do_install emit `unqualified-search-registries`
#   listing this registry, which affects how short image names are resolved.
CONTAINER_REGISTRY_URL ?= ""
CONTAINER_REGISTRY_INSECURE ?= "0"
CONTAINER_REGISTRY_SEARCH_FIRST ?= "1"

# The package ships only a generated text config file, so it is built once
# as architecture-independent.
inherit allarch

# Skip recipe entirely if not configured
# User must explicitly set CONTAINER_REGISTRY_URL to enable
python() {
    # Opt-in gate evaluated at parse time: with no registry configured the
    # recipe is skipped, so nothing is built or installed.
    if not d.getVar('CONTAINER_REGISTRY_URL'):
        raise bb.parse.SkipRecipe("CONTAINER_REGISTRY_URL not set - recipe is opt-in only")
}

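python do_install() {
    # Generate the registries.conf.d drop-in for the configured registry.
    #
    # Reads CONTAINER_REGISTRY_URL, CONTAINER_REGISTRY_INSECURE and
    # CONTAINER_REGISTRY_SEARCH_FIRST from the datastore and writes
    # ${D}${sysconfdir}/containers/registries.conf.d/50-custom-registry.conf.
    # Fails the task if the registry value cannot be embedded safely in a
    # TOML string.
    import os

    registry = (d.getVar('CONTAINER_REGISTRY_URL') or "").strip()
    insecure = d.getVar('CONTAINER_REGISTRY_INSECURE') == "1"
    search_first = d.getVar('CONTAINER_REGISTRY_SEARCH_FIRST') == "1"
    pn = d.getVar('PN')

    # The value is interpolated verbatim into TOML basic strings and into a
    # comment line below. A quote, backslash, whitespace or control character
    # would terminate the string or start a new line, letting a malformed
    # value add or alter settings in the generated file, so reject it here.
    if not registry or any(ch in '"\\' or ch.isspace() or not ch.isprintable()
                           for ch in registry):
        bb.fatal(f"CONTAINER_REGISTRY_URL {registry!r} is empty or contains "
                 "quotes, backslashes, whitespace or control characters")

    dest = d.getVar('D')
    confdir = os.path.join(dest, d.getVar('sysconfdir').lstrip('/'),
                           'containers', 'registries.conf.d')
    os.makedirs(confdir, exist_ok=True)

    # Filename starts with 50- so it's processed after base config but
    # can be overridden by higher-numbered files
    config_path = os.path.join(confdir, '50-custom-registry.conf')

    # Header: name the package that actually owns the file (PN) so the
    # removal hint in the generated config points at the right package.
    lines = [
        f"# Custom container registry: {registry}\n",
        f"# Generated by {pn} recipe\n",
        "# This is ADDITIVE - base registries.conf is unchanged\n",
        "# Public registries (docker.io, quay.io) remain accessible\n",
        "#\n",
        f"# To remove: uninstall {pn} package\n",
        "# or delete this file\n\n",
    ]

    if search_first:
        # Short names like "myapp:latest" are resolved through this list.
        # NOTE(review): confirm against containers-registries.conf.d(5)
        # whether a drop-in's unqualified-search-registries is merged with,
        # or replaces, the list from the base registries.conf. If it
        # replaces it, short names resolve against this registry only and
        # public registries are reachable by fully-qualified name only.
        lines.append("# Search this registry for unqualified image names\n")
        lines.append(f'unqualified-search-registries = ["{registry}"]\n\n')

    if insecure:
        # insecure = true permits plain HTTP and TLS with an untrusted
        # certificate for this location, so pulls from it are not protected
        # against tampering in transit. Intended for local/dev registries.
        lines.append("# Registry uses HTTP or has untrusted TLS certificate\n")
        lines.append('[[registry]]\n')
        lines.append(f'location = "{registry}"\n')
        lines.append('insecure = true\n')

    with open(config_path, 'w') as f:
        f.writelines(lines)

    bb.note(f"Created registry config for {registry} (insecure={insecure})")
}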

# Package the drop-in directory that do_install creates, together with the
# generated 50-custom-registry.conf inside it.
FILES:${PN} = "${sysconfdir}/containers/registries.conf.d"

# Soft dependency - works with or without container-host-config
# If container-host-config is installed, our drop-in extends it
RRECOMMENDS:${PN} = "container-host-config"