path: root/recipes-containers/vcontainer/vdkr-rootfs-image.bb
# SPDX-FileCopyrightText: Copyright (C) 2025 Bruce Ashfield
#
# SPDX-License-Identifier: MIT
#
# vdkr-rootfs-image.bb
# Minimal Docker-capable image for vdkr QEMU environment
#
# This image is built via multiconfig and used by vdkr-initramfs-create
# to provide a proper rootfs for running Docker in QEMU.
#
# Build with:
#   bitbake mc:vruntime-aarch64:vdkr-rootfs-image
#   bitbake mc:vruntime-x86-64:vdkr-rootfs-image
#
# Optional baked-in registry defaults (can still be overridden via CLI):
# Uses the same variables as container-registry infrastructure:
#   CONTAINER_REGISTRY_URL = "10.0.2.2:5000"
#   CONTAINER_REGISTRY_NAMESPACE = "yocto"
#   CONTAINER_REGISTRY_INSECURE = "1"  (or DOCKER_REGISTRY_INSECURE)

# Recipe metadata: short and long description of the image.
SUMMARY = "Minimal Docker rootfs for vdkr"
DESCRIPTION = "A minimal image containing Docker tools for use with vdkr. \
               This image runs inside QEMU to provide Docker command execution."

# LIC_FILES_CHKSUM pins the md5 of the MIT text under COMMON_LICENSE_DIR, so a
# changed license file is detected at build time.
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"

# Track init script changes via file-checksums.
# This adds each file's content hash to the do_rootfs task signature, so an
# edit to either script changes the signature and re-runs do_rootfs.
# Both scripts are installed executable into the image by install_vdkr_init,
# so a change to them is a change to what runs as /init in the guest.
do_rootfs[file-checksums] += "${THISDIR}/files/vdkr-init.sh:True"
do_rootfs[file-checksums] += "${THISDIR}/files/vcontainer-init-common.sh:True"

# Force rebuild control:
# Set VCONTAINER_FORCE_BUILD = "1" in local.conf to disable stamp caching
# and force rootfs to always rebuild. Useful when debugging dependency issues.
# Only the exact value "1" is honoured by the anonymous python function below.
# Default: use normal stamp caching (file-checksums handles init script changes)
VCONTAINER_FORCE_BUILD ?= ""
python () {
    # Anonymous function: when VCONTAINER_FORCE_BUILD is exactly "1", flag
    # do_rootfs as nostamp so the task is re-run instead of reusing its stamp.
    force_build = d.getVar('VCONTAINER_FORCE_BUILD')
    if force_build == '1':
        d.setVarFlag('do_rootfs', 'nostamp', '1')
}

# Inherit the core-image class for the image-building machinery. The package
# set is given explicitly by IMAGE_INSTALL below, which keeps the base minimal.
inherit core-image

# We need Docker and container tools
# Note: runc is explicitly listed because vruntime distro sets
# VIRTUAL-RUNTIME_container_runtime="" to avoid runc/crun conflicts.
# The plain "=" assignment makes this the complete package list for the image;
# anything not named here (or pulled in as a dependency) is not installed.
IMAGE_INSTALL = " \
    packagegroup-core-boot \
    docker-moby \
    containerd \
    runc \
    skopeo \
    busybox \
    iproute2 \
    iptables \
    util-linux \
    kernel-modules \
"

# No extra features needed
# NOTE(review): the plain "=" presumably also drops any EXTRA_IMAGE_FEATURES
# set in local.conf (for example debug conveniences) - confirm if that is the
# intent for this image.
IMAGE_FEATURES = ""

# Keep the image small
# (IMAGE_ROOTFS_SIZE is expressed in KiB by Yocto convention: 524288 = 512 MiB)
IMAGE_ROOTFS_SIZE = "524288"
IMAGE_ROOTFS_EXTRA_SPACE = "0"

# Registry defaults - reuse common container-registry variables
# Empty URL means no baked config (can still configure via CLI)
#
# Security: CONTAINER_REGISTRY_INSECURE = "1" or a non-empty
# DOCKER_REGISTRY_INSECURE makes install_vdkr_init bake a
# VDKR_INSECURE_REGISTRIES entry into /etc/vdkr/registry.conf, but only when
# CONTAINER_REGISTRY_URL is also set. Leave both at their defaults unless the
# registry is a trusted local/development endpoint.
# NOTE(review): presumably vdkr-init.sh hands that list to Docker as insecure
# registries (plain HTTP / unverified TLS) - confirm in the init script.
CONTAINER_REGISTRY_URL ?= ""
CONTAINER_REGISTRY_NAMESPACE ?= "yocto"
CONTAINER_REGISTRY_INSECURE ?= "0"
DOCKER_REGISTRY_INSECURE ?= ""

# Use squashfs for smaller size (~3x compression)
# The preinit mounts squashfs read-only with tmpfs overlay for writes
IMAGE_FSTYPES = "squashfs"

# Install our init script
# install_vdkr_init runs as a rootfs post-process step: it installs /init and
# writes the skopeo policy and the optional registry config into the image.
ROOTFS_POSTPROCESS_COMMAND += "install_vdkr_init;"

install_vdkr_init() {
    # Rootfs post-process step. Installs the init scripts, creates the mount
    # and state directories, writes the skopeo policy and, when
    # CONTAINER_REGISTRY_URL is set, bakes registry defaults into
    # /etc/vdkr/registry.conf.
    #
    # BitBake substitutes the CONTAINER_REGISTRY_* / DOCKER_REGISTRY_INSECURE
    # values into this script text before the shell runs it, so they are
    # expected to be plain host[:port] strings from trusted build
    # configuration; quotes or shell metacharacters in a value would be
    # interpreted by the build shell.

    # Install vdkr-init.sh as /init and vcontainer-init-common.sh alongside it
    install -m 0755 ${THISDIR}/files/vdkr-init.sh ${IMAGE_ROOTFS}/init
    install -m 0755 ${THISDIR}/files/vcontainer-init-common.sh ${IMAGE_ROOTFS}/vcontainer-init-common.sh

    # Create required directories
    install -d ${IMAGE_ROOTFS}/mnt/input
    install -d ${IMAGE_ROOTFS}/mnt/state
    install -d ${IMAGE_ROOTFS}/var/lib/docker
    install -d ${IMAGE_ROOTFS}/run/containerd

    # Create skopeo policy
    # Security: "insecureAcceptAnything" as the default requirement means
    # images are accepted from every source with no signature verification.
    # Image authenticity then depends entirely on the registry and transport;
    # replace this policy if signed images must be enforced.
    install -d ${IMAGE_ROOTFS}/etc/containers
    echo '{"default":[{"type":"insecureAcceptAnything"}]}' > ${IMAGE_ROOTFS}/etc/containers/policy.json

    # Create baked-in registry config if specified
    # Uses common CONTAINER_REGISTRY_* variables for consistency
    # These defaults can be overridden via kernel cmdline (docker_registry=)
    #
    # NOTE: localhost URLs are auto-translated to 10.0.2.2 for QEMU slirp networking
    # This allows CONTAINER_REGISTRY_URL=localhost:5000 to work for both:
    #   - Host-side operations (registry script, pushing)
    #   - vdkr inside QEMU (via 10.0.2.2 slirp gateway)
    install -d ${IMAGE_ROOTFS}/etc/vdkr
    if [ -n "${CONTAINER_REGISTRY_URL}" ]; then
        # The heredoc body below is file content written to registry.conf,
        # not script comments; the quoted delimiter keeps the shell from
        # expanding anything in it.
        cat > ${IMAGE_ROOTFS}/etc/vdkr/registry.conf << 'VDKR_EOF'
# vdkr registry defaults (baked at build time)
# These can be overridden via:
#   - Kernel cmdline: docker_registry=... docker_insecure_registry=...
#   - vdkr CLI: vdkr --registry ... or vdkr vconfig registry ...
VDKR_EOF
        # Build registry URL with namespace
        # Translate localhost to 10.0.2.2 for QEMU slirp networking
        # NOTE(review): the patterns are anchored at the start only, so a host
        # that merely begins with "localhost" or "127.0.0.1" (constructed
        # example: localhost.example.test) is rewritten too.
        QEMU_REGISTRY_URL=$(echo "${CONTAINER_REGISTRY_URL}" | sed 's/^localhost/10.0.2.2/' | sed 's/^127\.0\.0\.1/10.0.2.2/')
        # NOTE(review): written as a shell-style assignment; presumably
        # sourced by the init script - confirm how it is parsed.
        echo "VDKR_DEFAULT_REGISTRY=\"${QEMU_REGISTRY_URL}/${CONTAINER_REGISTRY_NAMESPACE}\"" >> ${IMAGE_ROOTFS}/etc/vdkr/registry.conf

        # Handle insecure registries - check both DOCKER_REGISTRY_INSECURE and CONTAINER_REGISTRY_INSECURE
        # Security: every entry collected here is baked into the image as a
        # registry to be treated as insecure; keep the list to trusted
        # local/development endpoints.
        INSECURE_LIST="${DOCKER_REGISTRY_INSECURE}"
        if [ "${CONTAINER_REGISTRY_INSECURE}" = "1" ] && [ -n "${QEMU_REGISTRY_URL}" ]; then
            # Use the QEMU-translated URL for insecure list
            INSECURE_LIST="${INSECURE_LIST} ${QEMU_REGISTRY_URL}"
        fi
        # Also translate any localhost entries in the insecure list
        # NOTE(review): these substitutions are unanchored and global, so they
        # rewrite "localhost" / "127.0.0.1" anywhere inside an entry, including
        # as part of a longer name or address (constructed example:
        # 127.0.0.10 becomes 10.0.2.20). The insecure entry could then name a
        # host other than the one intended - consider matching whole
        # host[:port] tokens only.
        INSECURE_LIST=$(echo "${INSECURE_LIST}" | sed 's/localhost/10.0.2.2/g' | sed 's/127\.0\.0\.1/10.0.2.2/g')
        if [ -n "${INSECURE_LIST}" ]; then
            echo "VDKR_INSECURE_REGISTRIES=\"${INSECURE_LIST}\"" >> ${IMAGE_ROOTFS}/etc/vdkr/registry.conf
        fi
        bbnote "Created vdkr registry config: ${QEMU_REGISTRY_URL}/${CONTAINER_REGISTRY_NAMESPACE}"
    fi
}