diff options
29 files changed, 937 insertions, 0 deletions
diff --git a/COPYING.MIT b/COPYING.MIT new file mode 100644 index 0000000..89de354 --- /dev/null +++ b/COPYING.MIT @@ -0,0 +1,17 @@ +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. @@ -0,0 +1,83 @@ +This layer enables the clear containers runtime (cc-oci-runtime) for Docker: + +Details about the Clear Containers project can be found at: + +https://github.com/01org/cc-oci-runtime + +https://clearlinux.org/features/intel%C2%AE-clear-containers + +Dependencies +============ + +This layer depends on: + + URL: git://git.yoctoproject.org/poky.git + layers: meta meta-poky meta-yocto-bsp + branch: pyro + + URL: git://git.openembedded.org/meta-openembedded + layers: meta-oe meta-python meta-networking meta-filesystems + branch: pyro + + URI: git://git.yoctoproject.org/meta-virtualization + branch: master + +Patches +======= + +Please submit any patches for meta-intel-clear-containers layer to the +meta-intel mailing list (meta-intel@yoctoproject.org): + + +Table of Contents +================= + + I. Adding the meta-intel-clear-containers layer to your build + II. Misc + + +I. Adding the meta-intel-clear-containers layer to your build +================================================= + +The clear containers runtime can be added to your images with the cc-oci-runtime recipe. + +Example (add to conf/local.conf): +IMAGE_INSTALL_append += " cc-oci-runtime " + +In order to use this layer, you need to make the build system aware of +it. + +Assuming the meta-intel-clear-containers layer exists at the top-level of your +yocto build tree, you can add it to the build system by adding the +location of the meta-intel-clear-containers layer to bblayers.conf, along with any +other layers needed. e.g.: + + BBLAYERS ?= " \ + /path/to/yocto/meta \ + /path/to/yocto/meta-poky \ + /path/to/yocto/meta-yocto-bsp \ + /path/to/yocto/meta-openembedded/meta-oe \ + /path/to/yocto/meta-openembedded/meta-python \ + /path/to/yocto/meta-openembedded/meta-networking \ + /path/to/yocto/meta-openembedded/meta-filesystems \ + /path/to/yocto/meta-virtualization \ + /path/to/yocto/meta-intel-clear-containers \ + " + +II. Misc +======== +* Clear Containers depends on the following kernel module. +It will be automatically enabled for 3.9.* and 3.10.* kernels + +CONFIG_VHOST_NET=m + +* To modify the amount of memory available to QEMU. Add the following variable to your conf/local.conf + +QEMU_CC_MEM = "2G,slots=2,maxmem=2G" + +* When building docker with clear containers support, the default docker runtime will be set to cor (cc-oci-runtime). To change the default docker runtime, please modify the docker.service file and restart docker. + +Example for runc (docker.service): + +ExecStart=/usr/bin/dockerd -D --add-runtime cor=/usr/bin/cc-oci-runtime.sh --default-runtime=runc -H fd:// + diff --git a/conf/layer.conf b/conf/layer.conf new file mode 100644 index 0000000..1fc78b4 --- /dev/null +++ b/conf/layer.conf @@ -0,0 +1,19 @@ +# We have a conf and classes directory, add to BBPATH +BBPATH .= ":${LAYERDIR}" + +# We have recipes-* directories, add to BBFILES +BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \ + ${LAYERDIR}/recipes-*/*/*.bbappend" + +BBFILE_COLLECTIONS += "meta-intel-clear-containers" +BBFILE_PATTERN_meta-intel-clear-containers = "^${LAYERDIR}/" +BBFILE_PRIORITY_meta-intel-clear-containers = "6" + +LAYERDEPENDS_intel-clear-containers-layer = "openembedded-layer" +LAYERDEPENDS_intel-clear-containers-layer += "virtualization-layer" + +# Docker requires systemd +DISTRO_FEATURES_append = " systemd" +VIRTUAL-RUNTIME_init_manager = "systemd" +DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit" +VIRTUAL-RUNTIME_initscripts = "systemd-compat-units" diff --git a/recipes-containers/containerd/containerd-docker_%.bbappend b/recipes-containers/containerd/containerd-docker_%.bbappend new file mode 100644 index 0000000..f6dcaec --- /dev/null +++ b/recipes-containers/containerd/containerd-docker_%.bbappend @@ -0,0 +1,10 @@ +include containerd.inc + +SRCREV = "03e5862ec0d8d3b3f750e19fca3ee367e13c090e" +SRC_URI = "\ + git://github.com/docker/containerd.git;branch=docker-1.13.x \ + " +CONTAINERD_VERSION = "0.2.3" + +PROVIDES += "virtual/containerd" +RPROVIDES_${PN} = "virtual/containerd" diff --git a/recipes-containers/containerd/containerd-opencontainers_%.bbappend b/recipes-containers/containerd/containerd-opencontainers_%.bbappend new file mode 100644 index 0000000..37f8547 --- /dev/null +++ b/recipes-containers/containerd/containerd-opencontainers_%.bbappend @@ -0,0 +1,9 @@ +include containerd.inc + +SRCREV = "0ac3cd1be170d180b2baed755e8f0da547ceb267" +SRC_URI = "git://github.com/docker/containerd.git;nobranch=1 \ + " +CONTAINERD_VERSION = "0.2.2" + +PROVIDES += "virtual/containerd" +RPROVIDES_${PN} = "virtual/containerd" diff --git a/recipes-containers/containerd/containerd.inc b/recipes-containers/containerd/containerd.inc new file mode 100644 index 0000000..b143979 --- /dev/null +++ b/recipes-containers/containerd/containerd.inc @@ -0,0 +1,85 @@ +HOMEPAGE = "https://github.com/docker/containerd" +SUMMARY = "containerd is a daemon to control runC" +DESCRIPTION = "containerd is a daemon to control runC, built for performance and density. \ + containerd leverages runC's advanced features such as seccomp and user namespace \ + support as well as checkpoint and restore for cloning and live migration of containers." + +# Apache-2.0 for containerd +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE.code;md5=aadc30f9c14d876ded7bedc0afd2d3d7" + +S = "${WORKDIR}/git" + +PV = "${CONTAINERD_VERSION}+git${SRCREV}" + +inherit go + +RRECOMMENDS_${PN} = "lxc docker" +CONTAINERD_PKG="github.com/docker/containerd" + +do_configure[noexec] = "1" + +do_compile() { + export GOARCH="${TARGET_ARCH}" + # supported amd64, 386, arm arm64 + if [ "${TARGET_ARCH}" = "x86_64" ]; then + export GOARCH="amd64" + fi + if [ "${TARGET_ARCH}" = "aarch64" ]; then + export GOARCH="arm64" + fi + if [ "${TARGET_ARCH}" = "i586" ]; then + export GOARCH="386" + fi + + # Set GOPATH. See 'PACKAGERS.md'. Don't rely on + # docker to download its dependencies but rather + # use dependencies packaged independently. + cd ${S} + rm -rf .gopath + mkdir -p .gopath/src/"$(dirname "${CONTAINERD_PKG}")" + ln -sf ../../../.. .gopath/src/"${CONTAINERD_PKG}" + export GOPATH="${S}/.gopath:${S}/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go" + export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go" + cd - + + # Pass the needed cflags/ldflags so that cgo + # can find the needed headers files and libraries + export CGO_ENABLED="1" + export CFLAGS="" + export LDFLAGS="" + export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CC_FOR_TARGET="${TARGET_PREFIX}gcc ${TARGET_CC_ARCH} --sysroot=${STAGING_DIR_TARGET}" + export CXX_FOR_TARGET="${TARGET_PREFIX}g++ ${TARGET_CC_ARCH} --sysroot=${STAGING_DIR_TARGET}" + + oe_runmake static +} + +# Note: disabled for now, since docker is launching containerd +# inherit systemd +# SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}" +# SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','containerd.service','',d)}" + +do_install() { + mkdir -p ${D}/${bindir} + + cp ${S}/bin/containerd ${D}/${bindir}/containerd + cp ${S}/bin/containerd-shim ${D}/${bindir}/containerd-shim + cp ${S}/bin/ctr ${D}/${bindir}/containerd-ctr + + ln -sf containerd ${D}/${bindir}/docker-containerd + ln -sf containerd-shim ${D}/${bindir}/docker-containerd-shim + ln -sf containerd-ctr ${D}/${bindir}/docker-containerd-ctr + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${systemd_unitdir}/system + install -m 644 ${S}/hack/containerd.service ${D}/${systemd_unitdir}/system + # adjust from /usr/local/bin to /usr/bin/ + sed -e "s:/usr/local/bin/containerd:${bindir}/docker-containerd -l \"unix\:///var/run/docker/libcontainerd/docker-containerd.sock\":g" -i ${D}/${systemd_unitdir}/system/containerd.service + fi +} + +FILES_${PN} += "${systemd_system_unitdir}/*" + +INHIBIT_PACKAGE_STRIP = "1" diff --git a/recipes-containers/docker/docker/0001-docker.service-add-clear-linux-oci-runtime.patch b/recipes-containers/docker/docker/0001-docker.service-add-clear-linux-oci-runtime.patch new file mode 100644 index 0000000..f127726 --- /dev/null +++ b/recipes-containers/docker/docker/0001-docker.service-add-clear-linux-oci-runtime.patch @@ -0,0 +1,26 @@ +From 3d8de3552b778d26f6783edebb7e97ed39e93d0c Mon Sep 17 00:00:00 2001 +From: Todor Minchev <todor.minchev@linux.intel.com> +Date: Tue, 15 Aug 2017 16:09:49 -0700 +Subject: [PATCH] docker.service add clear linux oci runtime + +Signed-off-by: Todor Minchev <todor.minchev@linux.intel.com> +--- + contrib/init/systemd/docker.service | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/contrib/init/systemd/docker.service b/contrib/init/systemd/docker.service +index 8bfed93c7..5a730e618 100644 +--- a/contrib/init/systemd/docker.service ++++ b/contrib/init/systemd/docker.service +@@ -9,7 +9,7 @@ Type=notify + # the default is not to use systemd for cgroups because the delegate issues still + # exists and systemd currently does not support the cgroup feature set required + # for containers run by docker +-ExecStart=/usr/bin/dockerd -H fd:// ++ExecStart=/usr/bin/dockerd -D --add-runtime cor=/usr/bin/cc-oci-runtime.sh --default-runtime=cor -H fd:// + ExecReload=/bin/kill -s HUP $MAINPID + LimitNOFILE=1048576 + # Having non-zero Limit*s causes performance problems due to accounting overhead +-- +2.13.2 + diff --git a/recipes-containers/docker/docker/context-use-golang.org-x-net-pkg-until-we-move-to-go.patch b/recipes-containers/docker/docker/context-use-golang.org-x-net-pkg-until-we-move-to-go.patch new file mode 100644 index 0000000..240b744 --- /dev/null +++ b/recipes-containers/docker/docker/context-use-golang.org-x-net-pkg-until-we-move-to-go.patch @@ -0,0 +1,116 @@ +From de69555afaf05efcdeea7b7c20c6f7b12f3e1bac Mon Sep 17 00:00:00 2001 +From: Mark Asselstine <mark.asselstine@windriver.com> +Date: Fri, 20 Jan 2017 11:58:44 -0500 +Subject: [PATCH] context: use golang.org/x/net pkg until we move to go 1.7 + +In go 1.6 the context.go is not yet integrated and as such we will get +build errors like: + +walwrap.go:4:2: cannot find package "context" in any of: +... + +Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> +--- + client/README.md | 2 +- + client/client.go | 2 +- + daemon/info_unix.go | 2 +- + integration-cli/docker_api_attach_test.go | 2 +- + integration-cli/docker_cli_save_load_unix_test.go | 2 +- + vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go | 2 +- + vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go | 2 +- + 7 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/client/README.md b/client/README.md +index 059dfb3..9de54aa 100644 +--- a/client/README.md ++++ b/client/README.md +@@ -8,7 +8,7 @@ For example, to list running containers (the equivalent of `docker ps`): + package main + + import ( +- "context" ++ "golang.org/x/net/context" + "fmt" + + "github.com/docker/docker/api/types" +diff --git a/client/client.go b/client/client.go +index a9bdab6..95933af 100644 +--- a/client/client.go ++++ b/client/client.go +@@ -19,7 +19,7 @@ For example, to list running containers (the equivalent of "docker ps"): + package main + + import ( +- "context" ++ "golang.org/x/net/context" + "fmt" + + "github.com/docker/docker/api/types" +diff --git a/daemon/info_unix.go b/daemon/info_unix.go +index 9c41c0e..57f8a7b 100644 +--- a/daemon/info_unix.go ++++ b/daemon/info_unix.go +@@ -3,7 +3,7 @@ + package daemon + + import ( +- "context" ++ "golang.org/x/net/context" + "os/exec" + "strings" + +diff --git a/integration-cli/docker_api_attach_test.go b/integration-cli/docker_api_attach_test.go +index d43bf3a..e5802a7 100644 +--- a/integration-cli/docker_api_attach_test.go ++++ b/integration-cli/docker_api_attach_test.go +@@ -3,7 +3,7 @@ package main + import ( + "bufio" + "bytes" +- "context" ++ "golang.org/x/net/context" + "io" + "net" + "net/http" +diff --git a/integration-cli/docker_cli_save_load_unix_test.go b/integration-cli/docker_cli_save_load_unix_test.go +index 22445e5..d0afc8c 100644 +--- a/integration-cli/docker_cli_save_load_unix_test.go ++++ b/integration-cli/docker_cli_save_load_unix_test.go +@@ -3,7 +3,7 @@ + package main + + import ( +- "context" ++ "golang.org/x/net/context" + "fmt" + "io/ioutil" + "os" +diff --git a/vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go b/vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go +index 6b3295a..cbfcf7e 100644 +--- a/vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go ++++ b/vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go +@@ -1,7 +1,7 @@ + package logbroker + + import ( +- "context" ++ "golang.org/x/net/context" + "fmt" + "strings" + "sync" +diff --git a/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go b/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go +index 5a6c71a..efe5921 100644 +--- a/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go ++++ b/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go +@@ -1,7 +1,7 @@ + package storage + + import ( +- "context" ++ "golang.org/x/net/context" + "io" + "io/ioutil" + "os" +-- +2.7.4 + diff --git a/recipes-containers/docker/docker/docker-registry.service b/recipes-containers/docker/docker/docker-registry.service new file mode 100644 index 0000000..7b4bc46 --- /dev/null +++ b/recipes-containers/docker/docker/docker-registry.service @@ -0,0 +1,19 @@ +[Unit] +Description=docker private registry service +After=docker.service + +[Service] +ExecStartPre=-/usr/bin/docker kill registry +ExecStartPre=-/usr/bin/docker rm registry +ExecStart=/usr/bin/docker run --name registry -v /mirror/registry:/tmp/ -p 5000:5000 \ + -e "STANDALONE=true" \ + -e "MIRROR_SOURCE=https://registry-1.docker.io" \ + -e "MIRROR_SOURCE_INDEX=https://index.docker.io" \ + -e "SETTINGS_FLAVOR=local" \ + registry +ExecStop=-/usr/bin/docker stop registry +Restart=always +RestartSec=10s + +[Install] +WantedBy=multi-user.target diff --git a/recipes-containers/docker/docker/docker.init b/recipes-containers/docker/docker/docker.init new file mode 100644 index 0000000..9c01c75 --- /dev/null +++ b/recipes-containers/docker/docker/docker.init @@ -0,0 +1,126 @@ +#!/bin/sh +# +# /etc/rc.d/init.d/docker +# +# Daemon for docker.com +# +# chkconfig: 2345 95 95 +# description: Daemon for docker.com + +### BEGIN INIT INFO +# Provides: docker +# Required-Start: $network cgconfig +# Required-Stop: +# Should-Start: +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: start and stop docker +# Description: Daemon for docker.com +### END INIT INFO + +# Source function library. +. /etc/init.d/functions + +prog="docker" +unshare=/usr/bin/unshare +exec="/usr/bin/$prog" +pidfile="/var/run/$prog.pid" +lockfile="/var/lock/subsys/$prog" +logfile="/var/log/$prog" + +[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog + +start() { + [ -x $exec ] || exit 5 + + check_for_cleanup + + if ! [ -f $pidfile ]; then + printf "Starting $prog:\t" + echo "\n$(date)\n" >> $logfile + "$unshare" -m -- $exec -d $other_args &>> $logfile & + pid=$! + touch $lockfile + # wait up to 10 seconds for the pidfile to exist. see + # https://github.com/docker/docker/issues/5359 + tries=0 + while [ ! -f $pidfile -a $tries -lt 10 ]; do + sleep 1 + tries=$((tries + 1)) + done + success + echo + else + failure + echo + printf "$pidfile still exists...\n" + exit 7 + fi +} + +stop() { + echo -n $"Stopping $prog: " + killproc $prog + retval=$? + echo + [ $retval -eq 0 ] && rm -f $lockfile + return $retval +} + +restart() { + stop + start +} + +reload() { + restart +} + +force_reload() { + restart +} + +rh_status() { + status -p $pidfile $prog +} + +rh_status_q() { + rh_status >/dev/null 2>&1 +} + + +check_for_cleanup() { + if [ -f ${pidfile} ]; then + /bin/ps -fp $(cat ${pidfile}) > /dev/null || rm ${pidfile} + fi +} + +case "$1" in + start) + $1 + ;; + stop) + $1 + ;; + restart) + $1 + ;; + reload) + $1 + ;; + force-reload) + force_reload + ;; + status) + status + ;; + condrestart|try-restart) + restart + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" + exit 2 +esac + +exit $? diff --git a/recipes-containers/docker/docker/docker.service b/recipes-containers/docker/docker/docker.service new file mode 100644 index 0000000..eaa3319 --- /dev/null +++ b/recipes-containers/docker/docker/docker.service @@ -0,0 +1,15 @@ +[Unit] +Description=Docker Application Container Engine +Documentation=http://docs.docker.com +After=network.target docker.socket +Requires=docker.socket + +[Service] +ExecStart=/usr/bin/docker daemon -H fd:// --registry-mirror=http://localhost:5000 --insecure-registry=http://localhost:5000 --raw-logs +MountFlags=slave +LimitNOFILE=1048576 +LimitNPROC=1048576 +LimitCORE=infinity + +[Install] +WantedBy=multi-user.target diff --git a/recipes-containers/docker/docker/hi.Dockerfile b/recipes-containers/docker/docker/hi.Dockerfile new file mode 100644 index 0000000..9af6805 --- /dev/null +++ b/recipes-containers/docker/docker/hi.Dockerfile @@ -0,0 +1,7 @@ +FROM debian + +MAINTAINER amy.fong@windriver.com + +RUN apt-get update && apt-get install figlet + +ENTRYPOINT [ "/usr/bin/figlet", "hi" ] diff --git a/recipes-containers/docker/docker_%.bbappend b/recipes-containers/docker/docker_%.bbappend new file mode 100644 index 0000000..7e041d2 --- /dev/null +++ b/recipes-containers/docker/docker_%.bbappend @@ -0,0 +1,53 @@ +SRCREV_docker = "49bf474f9ed7ce7143a59d1964ff7b7fd9b52178" +SRCREV_libnetwork="0f534354b813003a754606689722fe253101bc4e" +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +SRC_URI = "\ + git://github.com/docker/docker.git;nobranch=1;name=docker \ + git://github.com/docker/libnetwork.git;branch=master;name=libnetwork;destsuffix=libnetwork \ + file://docker.init \ + file://hi.Dockerfile \ + file://context-use-golang.org-x-net-pkg-until-we-move-to-go.patch \ + file://0001-docker.service-add-clear-linux-oci-runtime.patch \ + " + +# Apache-2.0 for docker +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=aadc30f9c14d876ded7bedc0afd2d3d7" + +DOCKER_VERSION = "1.13.0" +RDEPENDS_${PN} += "kernel-module-vhost kernel-module-vhost-net" + +do_compile() { + # Set GOPATH. See 'PACKAGERS.md'. Don't rely on + # docker to download its dependencies but rather + # use dependencies packaged independently. + cd ${S} + rm -rf .gopath + mkdir -p .gopath/src/"$(dirname "${DOCKER_PKG}")" + ln -sf ../../../.. .gopath/src/"${DOCKER_PKG}" + + mkdir -p .gopath/src/github.com/docker + ln -sf ../../../../../libnetwork .gopath/src/github.com/docker/libnetwork + + export GOPATH="${S}/.gopath:${S}/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go" + export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go" + cd - + + # Pass the needed cflags/ldflags so that cgo + # can find the needed headers files and libraries + export CGO_ENABLED="1" + export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + # in order to exclude devicemapper and btrfs - https://github.com/docker/docker/issues/14056 + export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs exclude_graphdriver_devicemapper' + + # this is the unsupported built structure + # that doesn't rely on an existing docker + # to build this: + DOCKER_GITCOMMIT="${SRCREV}" \ + ./hack/make.sh dynbinary + + # build the proxy + go build -o ${S}/docker-proxy github.com/docker/libnetwork/cmd/proxy +} + diff --git a/recipes-containers/runc/runc-docker_%.bbappend b/recipes-containers/runc/runc-docker_%.bbappend new file mode 100644 index 0000000..96d48ca --- /dev/null +++ b/recipes-containers/runc/runc-docker_%.bbappend @@ -0,0 +1,11 @@ +include runc.inc + +# Note: this rev is before the required protocol field, update when all components +# have been updated to match. +SRCREV = "2f7393a47307a16f8cee44a37b262e8b81021e3e" +SRC_URI = "git://github.com/docker/runc.git;nobranch=1 \ + " + +RUNC_VERSION = "1.0.0-rc2" +PROVIDES += "virtual/runc" +RPROVIDES_${PN} = "virtual/runc" diff --git a/recipes-containers/runc/runc-opencontainers_%.bbappend b/recipes-containers/runc/runc-opencontainers_%.bbappend new file mode 100644 index 0000000..4a6e8cd --- /dev/null +++ b/recipes-containers/runc/runc-opencontainers_%.bbappend @@ -0,0 +1,15 @@ +include runc.inc + +SRCREV = "75f8da7c889acc4509a0cf6f0d3a8f9584778375" +SRC_URI = "git://github.com/opencontainers/runc;branch=master \ + " +RUNC_VERSION = "1.0.0-rc3" +PROVIDES += "virtual/runc" +RPROVIDES_${PN} = "virtual/runc" + +do_compile_prepend() { + # Go looks in a src directory under any directory in GOPATH but + # runc-opencontainers uses 'vendor' instead of 'vendor/src'. We can fix + # this with a symlink. + ln -sfn . "${S}/vendor/src" +} diff --git a/recipes-containers/runc/runc.inc b/recipes-containers/runc/runc.inc new file mode 100644 index 0000000..4808547 --- /dev/null +++ b/recipes-containers/runc/runc.inc @@ -0,0 +1,58 @@ +HOMEPAGE = "https://github.com/opencontainers/runc" +SUMMARY = "runc container cli tools" +DESCRIPTION = "runc is a CLI tool for spawning and running containers according to the OCI specification." + +# Apache-2.0 for containerd +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=435b266b3899aa8a959f17d41c56def8" + +S = "${WORKDIR}/git" + +PV = "${RUNC_VERSION}+git${SRCREV}" + +inherit go +RRECOMMENDS_${PN} = "lxc docker" + +LIBCONTAINER_PACKAGE="github.com/opencontainers/runc/libcontainer" + +do_configure[noexec] = "1" +EXTRA_OEMAKE="BUILDTAGS=''" + +inherit goarch + +do_compile() { + export GOARCH="${TARGET_GOARCH}" + export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go" + # Set GOPATH. See 'PACKAGERS.md'. Don't rely on + # docker to download its dependencies but rather + # use dependencies packaged independently. + cd ${S} + rm -rf .gopath + dname=`dirname "${LIBCONTAINER_PACKAGE}"` + bname=`basename "${LIBCONTAINER_PACKAGE}"` + mkdir -p .gopath/src/${dname} + + (cd .gopath/src/${dname}; ln -sf ../../../../../${bname} ${bname}) + export GOPATH="${S}/.gopath:${S}/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go" + export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go" + cd - + + # Pass the needed cflags/ldflags so that cgo + # can find the needed headers files and libraries + export CGO_ENABLED="1" + export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CFLAGS="" + export LDFLAGS="" + + oe_runmake static +} + +do_install() { + mkdir -p ${D}/${bindir} + + cp ${S}/runc ${D}/${bindir}/runc + ln -sf runc ${D}/${bindir}/docker-runc +} + +INHIBIT_PACKAGE_STRIP = "1" diff --git a/recipes-containers/runc/runc/0001-nsexec-fix-build-against-musl-libc.patch b/recipes-containers/runc/runc/0001-nsexec-fix-build-against-musl-libc.patch new file mode 100644 index 0000000..aa57636 --- /dev/null +++ b/recipes-containers/runc/runc/0001-nsexec-fix-build-against-musl-libc.patch @@ -0,0 +1,48 @@ +From ac6bd953192fa6752a07be7501f69f7cffe33e8e Mon Sep 17 00:00:00 2001 +From: Natanael Copa <natanael.copa@docker.com> +Date: Tue, 19 Apr 2016 10:43:00 +0200 +Subject: [PATCH] nsexec: fix build against musl libc + +Remove a wrongly added include which was added in commit 3c2e77ee (Add a +compatibility header for CentOS/RHEL 6, 2016-01-29) apparently to +fix this compile error on centos 6: + +> In file included from +> Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c:20: +> /usr/include/linux/netlink.h:35: error: expected specifier-qualifier-list before 'sa_family_t' + +The glibc bits/sockaddr.h says that this header should never be included +directly[1]. Instead, sys/socket.h should be used. + +The problem was correctly fixed later, in commit 394fb55 (Fix build +error on centos6, 2016-03-02) so the incorrect bits/sockaddr.h can +safely be removed. + +This is needed to build musl libc. + +Fixes #761 + +[1]: https://github.molgen.mpg.de/git-mirror/glibc/blob/20003c49884422da7ffbc459cdeee768a6fee07b/bits/sockaddr.h#L20 + +Signed-off-by: Natanael Copa <natanael.copa@docker.com> +Signed-off-by: Paul Barker <paul@paulbarker.me.uk> +Upstream-status: Backport +--- + libcontainer/nsenter/nsexec.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c +index 8f37d6c..40a8f89 100644 +--- a/libcontainer/nsenter/nsexec.c ++++ b/libcontainer/nsenter/nsexec.c +@@ -18,7 +18,6 @@ + #include <unistd.h> + #include <grp.h> + +-#include <bits/sockaddr.h> + #include <linux/types.h> + + // All arguments should be above the stack because it grows down +-- +2.1.4 + diff --git a/recipes-devtools/cc-oci-artifacts/cc-image_16050.bb b/recipes-devtools/cc-oci-artifacts/cc-image_16050.bb new file mode 100644 index 0000000..1849e94 --- /dev/null +++ b/recipes-devtools/cc-oci-artifacts/cc-image_16050.bb @@ -0,0 +1,15 @@ +LICENSE = "GPLv2" +ERROR_QA_remove = "license-checksum" + +SRC_URI = "https://download.clearlinux.org/releases/16050/clear/clear-${PV}-containers.img.xz" +SRC_URI[md5sum] = "8d6003d6e44a5278d57367b7000d97da" +SRC_URI[sha256sum] = "1a78b0a1e43552528a820ff6f7eaf3f3fb15b2d71b629eb103911f10b15b449f" + +FILES_${PN} += "/usr/share/clear-containers/*" + +do_install_append () { + cd ${WORKDIR} ; rm -f clear-containers.img + ln -s clear-${PV}-containers.img clear-containers.img + mkdir -p ${D}/usr/share/clear-containers/ + cp -rf ${WORKDIR}/clear*-containers.img ${D}/usr/share/clear-containers/ +} diff --git a/recipes-devtools/cc-oci-artifacts/cc-kernel_4.9.33-74.bb b/recipes-devtools/cc-oci-artifacts/cc-kernel_4.9.33-74.bb new file mode 100644 index 0000000..5d03ffb --- /dev/null +++ b/recipes-devtools/cc-oci-artifacts/cc-kernel_4.9.33-74.bb @@ -0,0 +1,19 @@ +SUMMARY = "The Linux kernel optimized for running inside a container" +DESCRIPTION = "The Linux kernel." +HOMEPAGE = "http://www.kernel.org/" + +LICENSE = "GPLv2" +ERROR_QA_remove = "license-checksum" + +SRC_URI = "http://download.clearlinux.org/releases/16050/clear/x86_64/os/Packages/linux-container-${PV}.x86_64.rpm" +SRC_URI[md5sum] = "69f268d45c3dfee82f1afbd479534e08" +SRC_URI[sha256sum] = "0f915e1b18ddcdd13fb339d3cc7b9857297dd1340f69dde504012f3e644c4293" + +FILES_${PN} += "/usr/share/clear-containers/*" + +do_unpack[depends] += "xz-native:do_populate_sysroot" + +do_install_append () { + cp -rf ${WORKDIR}/usr ${D}/usr +} + diff --git a/recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-configure.ac-set-defaul-qemu-patch-to-usr-local-bin.patch b/recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-configure.ac-set-defaul-qemu-patch-to-usr-local-bin.patch new file mode 100644 index 0000000..e867d02 --- /dev/null +++ b/recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-configure.ac-set-defaul-qemu-patch-to-usr-local-bin.patch @@ -0,0 +1,26 @@ +From ae42e6f3516b322d6bca9b82f6c4a64cad37024a Mon Sep 17 00:00:00 2001 +From: Todor Minchev <todor.minchev@linux.intel.com> +Date: Mon, 28 Aug 2017 14:41:56 -0700 +Subject: [PATCH] configure.ac: set defaul qemu patch to /usr/local/bin + +Signed-off-by: Todor Minchev <todor.minchev@linux.intel.com> +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 44292af..bb03068 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -212,7 +212,7 @@ AC_ARG_WITH([cc-image-bootchart-config-dir], + AM_CONDITIONAL([CC_IMAGE_BOOTCHART_CONFIG],[test x"$WITH_CC_IMAGE_BOOTCHART_CONFIG" != xno]) + + #Check for qemu +-DEFAULT_QEMU_PATH=/usr/bin/qemu-system-x86_64 ++DEFAULT_QEMU_PATH=/usr/local/bin/qemu-system-x86_64 + + AC_ARG_WITH([qemu-path], + [AS_HELP_STRING([--with-qemu-path=[[QEMU-PATH]]], +-- +2.13.2 + diff --git a/recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-hypervisor.in-set-default-machine-to-q35.patch b/recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-hypervisor.in-set-default-machine-to-q35.patch new file mode 100644 index 0000000..c4da06d --- /dev/null +++ b/recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-hypervisor.in-set-default-machine-to-q35.patch @@ -0,0 +1,26 @@ +From ae7006fbd25a243a83f35d5372a02ca34e05ba3a Mon Sep 17 00:00:00 2001 +From: Todor Minchev <todor.minchev@linux.intel.com> +Date: Mon, 28 Aug 2017 15:07:54 -0700 +Subject: [PATCH] hypervisor.in: set default machine to q35 + +Signed-off-by: Todor Minchev <todor.minchev@linux.intel.com> +--- + data/hypervisor.args.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/data/hypervisor.args.in b/data/hypervisor.args.in +index b96016b..7095503 100644 +--- a/data/hypervisor.args.in ++++ b/data/hypervisor.args.in +@@ -2,7 +2,7 @@ + -name + @NAME@ + -machine +-pc-lite,accel=kvm,kernel_irqchip,nvdimm ++q35,accel=kvm,kernel_irqchip,nvdimm,nosmm,nosmbus,nosata,nopit,nofw + -device + nvdimm,memdev=mem0,id=nv0 + -object +-- +2.13.2 + diff --git a/recipes-devtools/cc-oci-runtime/cc-oci-runtime_git.bb b/recipes-devtools/cc-oci-runtime/cc-oci-runtime_git.bb new file mode 100644 index 0000000..4e63748 --- /dev/null +++ b/recipes-devtools/cc-oci-runtime/cc-oci-runtime_git.bb @@ -0,0 +1,37 @@ +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +inherit systemd +SYSTEMD_SERVICE_${PN} = "cc-proxy.service" + +SRC_URI = "git://git@github.com/01org/cc-oci-runtime.git;protocol=https \ + file://0001-configure.ac-set-defaul-qemu-patch-to-usr-local-bin.patch \ + file://0001-hypervisor.in-set-default-machine-to-q35.patch \ + " + +SRCREV = "fdce5d7c941c0af3a2b18246c62cabf890e7664f" + +DISABLE_STATIC = "" +PACKAGECONFIG_CONFARGS = " " + +RDEPENDS_${PN} = "qemu-cc cc-image cc-kernel tunctl docker docker-contrib connman connman-client" +DEPENDS = " autoconf-archive-native gnome-common go-native json-glib libcheck libmnl util-linux glib-2.0" +QEMU_CC_MEM ?= "256M,slots=2,maxmem=1G" + +S = "${WORKDIR}/git" +FILES_${PN} += "/lib/systemd/system/* \ + /usr/share/defaults/* " + +inherit pkgconfig autotools + +EXTRA_OECONF = " --disable-valgrind-sgcheck --disable-functional-tests --enable-autogopath --disable-docker-tests --disable-metrics-tests --disable-crio-tests --disable-valgrind-drd" + +do_configure_append() { + cp -rfp ${S}/vendor ${S}/../build/ + cp -rfp ${S}/proxy ${S}/../build/ + sed -i -e "s/^2G,slots=2,maxmem=3G/${QEMU_CC_MEM}/" ${S}/../build/data/hypervisor.args +} + +do_compile() { + oe_runmake +} diff --git a/recipes-devtools/qemu-cc/qemu-cc.bb b/recipes-devtools/qemu-cc/qemu-cc.bb new file mode 100644 index 0000000..b9b2d8a --- /dev/null +++ b/recipes-devtools/qemu-cc/qemu-cc.bb @@ -0,0 +1,85 @@ +SUMMARY = "Fast open source processor emulator" +HOMEPAGE = "https://github.com/clearcontainers/qemu" +LICENSE = "GPLv2 & LGPLv2.1" +DEPENDS = "zlib libcap-ng glib-2.0 pixman attr libcap" + +DISABLE_STATIC = "" +inherit pkgconfig + +LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=79ffa0ec772fa86740948cb7327a0cc7 \ + file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac" + +SRC_URI = "gitsm://github.com/clearcontainers/qemu.git;protocol=https;branch=qemu-lite-v2.9.0" + +PV = "2.9" +SRCREV = "a2e6957b6fcbf9be3c5146657ba9ae1dddf3ec70" + +S = "${WORKDIR}/git" +FILES_${PN} += "/usr/local/* \ + /usr/var/* " +INSANE_SKIP_${PN} = "already-stripped" + +EXTRA_OECONF = " \ + --disable-tools \ + --disable-libssh2 \ + --disable-tcmalloc \ + --disable-glusterfs \ + --disable-seccomp \ + --disable-bzip2 \ + --disable-snappy \ + --disable-lzo \ + --disable-usb-redir \ + --disable-libusb \ + --disable-libnfs \ + --disable-tcg-interpreter \ + --disable-debug-tcg \ + --disable-libiscsi \ + --disable-rbd \ + --disable-spice \ + --disable-attr \ + --disable-cap-ng \ + --disable-linux-aio \ + --disable-brlapi \ + --disable-vnc-jpeg \ + --disable-vnc-png \ + --disable-vnc-sasl \ + --disable-rdma \ + --disable-bluez \ + --disable-fdt \ + --disable-curl \ + --disable-curses \ + --disable-sdl \ + --disable-gtk \ + --disable-tpm \ + --disable-vte \ + --disable-vnc \ + --disable-xen \ + --disable-opengl \ + --disable-slirp \ + --disable-strip \ + --enable-trace-backend=nop \ + --enable-virtfs \ + --enable-attr \ + --enable-cap-ng \ + --extra-cflags=-Wno-format-truncation \ + --extra-cflags=-Wno-maybe-uninitialized \ + --prefix=/usr/local \ + --target-list=x86_64-softmmu " + +do_configure() { + ${S}/configure ${EXTRA_OECONF} +} + +do_compile() { + oe_runmake +} + +do_install() { + oe_runmake install DESTDIR='${D}' + rm -rf ${D}/usr/local/share/qemu/openbios-ppc + rm -rf ${D}/usr/local/share/qemu/openbios-sparc32 + rm -rf ${D}/usr/local/share/qemu/openbios-sparc64 + rm -rf ${D}/usr/local/share/qemu/s390-ccw.img + rm -rf ${D}/usr/local/share/qemu/palcode-clipper + rm -rf ${D}/usr/local/share/qemu/u-boot.e500 +} diff --git a/recipes-extended/images/cloud-image-controller.bbappend b/recipes-extended/images/cloud-image-controller.bbappend new file mode 100644 index 0000000..51b720c --- /dev/null +++ b/recipes-extended/images/cloud-image-controller.bbappend @@ -0,0 +1 @@ +IMAGE_FSTYPES_remove = "wic.vmdk" diff --git a/recipes-extended/images/cloud-image-guest.bbappend b/recipes-extended/images/cloud-image-guest.bbappend new file mode 100644 index 0000000..51b720c --- /dev/null +++ b/recipes-extended/images/cloud-image-guest.bbappend @@ -0,0 +1 @@ +IMAGE_FSTYPES_remove = "wic.vmdk" diff --git a/recipes-kernel/linux/linux-yocto/intel-clear-containers.cfg b/recipes-kernel/linux/linux-yocto/intel-clear-containers.cfg new file mode 100644 index 0000000..4dd9712 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto/intel-clear-containers.cfg @@ -0,0 +1 @@ +CONFIG_VHOST_NET=m diff --git a/recipes-kernel/linux/linux-yocto/intel-clear-containers.scc b/recipes-kernel/linux/linux-yocto/intel-clear-containers.scc new file mode 100644 index 0000000..a19f579 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto/intel-clear-containers.scc @@ -0,0 +1,3 @@ +define KFEATURE_DESCRIPTION "Enable clearcon support" +define KFEATURE_COMPATIBILITY board +kconf non-hardware intel-clear-containers.cfg diff --git a/recipes-kernel/linux/linux-yocto_4.10.bbappend b/recipes-kernel/linux/linux-yocto_4.10.bbappend new file mode 100644 index 0000000..a8a17a2 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto_4.10.bbappend @@ -0,0 +1,3 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +SRC_URI += "file://intel-clear-containers.scc" +KERNEL_MODULE_AUTOLOAD += "vhost-net" diff --git a/recipes-kernel/linux/linux-yocto_4.9.bbappend b/recipes-kernel/linux/linux-yocto_4.9.bbappend new file mode 100644 index 0000000..a8a17a2 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto_4.9.bbappend @@ -0,0 +1,3 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +SRC_URI += "file://intel-clear-containers.scc" +KERNEL_MODULE_AUTOLOAD += "vhost-net" |