Diffstat (limited to 'recipes-containers/podman/podman_git.bb')
-rw-r--r-- | recipes-containers/podman/podman_git.bb | 117 |
1 files changed, 85 insertions, 32 deletions
diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
index af94f0c4..f69dec16 100644
--- a/recipes-containers/podman/podman_git.bb
+++ b/recipes-containers/podman/podman_git.bb
@@ -6,57 +6,63 @@ DESCRIPTION = "Podman is a daemonless container engine for developing, \ `alias docker=podman`. \ " +inherit features_check +REQUIRED_DISTRO_FEATURES ?= "seccomp ipv6" + DEPENDS = " \ go-metalinter-native \ - go-md2man-native \ gpgme \ libseccomp \ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ + gettext-native \ " -python __anonymous() { - msg = "" - # ERROR: Nothing PROVIDES 'libseccomp' (but meta-virtualization/recipes-containers/podman/ DEPENDS on or otherwise requires it). - # ERROR: Required build target 'meta-world-pkgdata' has no buildable providers. - # Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'podman', 'libseccomp'] - if 'security' not in d.getVar('BBFILE_COLLECTIONS').split(): - msg += "Make sure meta-security should be present as it provides 'libseccomp'" - raise bb.parse.SkipRecipe(msg) -} - -SRCREV = "a11c4ead10177a66ef2810a0a92ea8ce2299da07" +SRCREV = "bb81e85a430fa95d23a15b77c717fd68bf06ebf2" SRC_URI = " \ - git://github.com/containers/libpod.git;branch=v2.0 \ + git://github.com/containers/libpod.git;branch=v5.0;protocol=https \ + ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://50-podman-rootless.conf', '', d)} \ + file://run-ptest \ " LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e" +LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=3d9b931fa23ab1cacd0087f9e2ee12c0" GO_IMPORT = "import" S = "${WORKDIR}/git" -PV = "2.0.1+git${SRCPV}" +PV = "5.0.1+git" + +CVE_STATUS[CVE-2022-2989] = "fixed-version: fixed since v4.3.0" +CVE_STATUS[CVE-2023-0778] = "fixed-version: fixed since v4.5.0" PACKAGES =+ "${PN}-contrib" PODMAN_PKG = "github.com/containers/libpod" + +BUILDTAGS_EXTRA ?= "${@bb.utils.contains('VIRTUAL-RUNTIME_container_networking','cni','cni','',d)}" BUILDTAGS ?= "seccomp varlink \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \ -exclude_graphdriver_btrfs exclude_graphdriver_devicemapper" 
+exclude_graphdriver_btrfs exclude_graphdriver_devicemapper ${BUILDTAGS_EXTRA}" # overide LDFLAGS to allow podman to build without: "flag provided but not # defined: -Wl,-O1 export LDFLAGS="" +# https://github.com/llvm/llvm-project/issues/53999 +TOOLCHAIN = "gcc" + +# podmans Makefile expects BUILDFLAGS to be set but go.bbclass defines them in GOBUILDFLAGS +export BUILDFLAGS="${GOBUILDFLAGS}" + inherit go goarch -inherit systemd pkgconfig +inherit systemd pkgconfig ptest do_configure[noexec] = "1" EXTRA_OEMAKE = " \ PREFIX=${prefix} BINDIR=${bindir} LIBEXECDIR=${libexecdir} \ ETCDIR=${sysconfdir} TMPFILESDIR=${nonarch_libdir}/tmpfiles.d \ - SYSTEMDDIR=${systemd_unitdir}/system USERSYSTEMDDIR=${systemd_unitdir}/user \ + SYSTEMDDIR=${systemd_unitdir}/system USERSYSTEMDDIR=${systemd_user_unitdir} \ " # remove 'docker' from the packageconfig if you don't want podman to @@ -78,8 +84,6 @@ do_compile() { cd ${S}/src/.gopath/src/"${PODMAN_PKG}" - oe_runmake pkg/varlink/iopodman.go GO=go - # Pass the needed cflags/ldflags so that cgo # can find the needed headers files and libraries export GOARCH=${TARGET_GOARCH} @@ -87,7 +91,11 @@ do_compile() { export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" - oe_runmake BUILDTAGS="${BUILDTAGS}" + # podman now builds go-md2man and requires the host/build details + export NATIVE_GOOS=${BUILD_GOOS} + export NATIVE_GOARCH=${BUILD_GOARCH} + + oe_runmake NATIVE_GOOS=${BUILD_GOOS} NATIVE_GOARCH=${BUILD_GOARCH} BUILDTAGS="${BUILDTAGS}" } do_install() { 
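Review bot: The `varlink` tag is still present in the context line `BUILDTAGS ?= "seccomp varlink \`, although this commit moves the recipe to the v5.0 branch and the next hunk removes the `oe_runmake pkg/varlink/iopodman.go GO=go` generation step. If the 5.x sources no longer contain varlink code, the tag selects nothing and misleads anyone auditing which API surfaces the built binary is meant to expose. I would change the line to `BUILDTAGS ?= "seccomp \` in the same commit, after confirming no file in the new tree is still guarded by that tag.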
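Review bot: `NATIVE_GOOS` and `NATIVE_GOARCH` are set twice in do_compile, once with `export` and again on the `oe_runmake` command line. Make already passes command-line variables to the commands it runs, so one form is enough. I would drop the two `export` lines and keep `oe_runmake NATIVE_GOOS=${BUILD_GOOS} NATIVE_GOARCH=${BUILD_GOARCH} BUILDTAGS="${BUILDTAGS}"`, or keep the exports and shorten the call to `oe_runmake BUILDTAGS="${BUILDTAGS}"`. The start of do_compile is outside this hunk.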
@@ -101,23 +109,68 @@ do_install() { if ${@bb.utils.contains('PACKAGECONFIG', 'docker', 'true', 'false', d)}; then oe_runmake install.docker DESTDIR="${D}" fi - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}${systemd_unitdir}/system - install -m 644 ${S}/src/import/contrib/systemd/system/podman.service ${D}/${systemd_unitdir}/system - install -m 644 ${S}/src/import/contrib/systemd/system/podman.socket ${D}/${systemd_unitdir}/system - rm -f ${D}/${systemd_unitdir}/system/docker.service.rpm + + # Silence docker emulation warnings. + mkdir -p ${D}/etc/containers + touch ${D}/etc/containers/nodocker + + if ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'true', 'false', d)}; then + install -d "${D}${sysconfdir}/sysctl.d" + install -m 0644 "${WORKDIR}/50-podman-rootless.conf" "${D}${sysconfdir}/sysctl.d" fi } -FILES_${PN} += " \ +do_install_ptest () { + cp ${S}/src/import/Makefile ${D}${PTEST_PATH} + install -d ${D}${PTEST_PATH}/test + cp -r ${S}/src/import/test/system ${D}${PTEST_PATH}/test + + # Some compatibility links for the Makefile assumptions. 
+ install -d ${D}${PTEST_PATH}/bin + ln -s ${bindir}/podman ${D}${PTEST_PATH}/bin/podman + ln -s ${bindir}/podman-remote ${D}${PTEST_PATH}/bin/podman-remote +} + +FILES:${PN} += " \ ${systemd_unitdir}/system/* \ - ${systemd_unitdir}/user/* \ + ${nonarch_libdir}/systemd/* \ + ${systemd_user_unitdir/* \ ${nonarch_libdir}/tmpfiles.d/* \ + ${datadir}/user-tmpfiles.d/* \ ${sysconfdir}/cni \ " -SYSTEMD_SERVICE_${PN} = "podman.service podman.socket" +SYSTEMD_SERVICE:${PN} = "podman.service podman.socket" -RDEPENDS_${PN} += "conmon virtual/runc iptables cni skopeo" -RRECOMMENDS_${PN} += "slirp4netns" -RCONFLICTS_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', 'docker', '', d)}" +# The other option for this is "busybox", since meta-virt ensures +# that busybox is configured with nsenter +VIRTUAL-RUNTIME_base-utils-nsenter ?= "util-linux-nsenter" + +COMPATIBLE_HOST = "^(?!mips).*" + +RDEPENDS:${PN} += "\ + conmon ${VIRTUAL-RUNTIME_container_runtime} iptables ${VIRTUAL-RUNTIME_container_networking} skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter} \ + ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'fuse-overlayfs slirp4netns', '', d)} \ +" +RRECOMMENDS:${PN} += "slirp4netns \ + kernel-module-xt-masquerade \ + kernel-module-xt-comment \ + kernel-module-xt-mark \ + kernel-module-xt-addrtype \ + kernel-module-xt-conntrack \ + kernel-module-xt-tcpudp \ + " +RCONFLICTS:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', 'docker', '', d)}" + +RDEPENDS:${PN}-ptest += " \ + bash \ + bats \ + buildah \ + catatonit \ + coreutils \ + file \ + gnupg \ + jq \ + make \ + tar \ +" |
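Review bot: The added `FILES:${PN}` entry `${systemd_user_unitdir/* \` is missing its closing brace, so BitBake will most likely leave it as literal text that matches no path. It should read `${systemd_user_unitdir}/* \`. User units may still be packaged through the new `${nonarch_libdir}/systemd/*` entry if the user unit directory sits under it, which would hide the typo at packaging time. In the rootless branch of do_install, `50-podman-rootless.conf` is installed into `sysctl.d`, but its contents are not part of this diff, so the kernel settings it changes should be reviewed together with this recipe. do_install begins outside the hunk.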