Diffstat (limited to 'recipes-containers/podman/podman_git.bb')
-rw-r--r-- | recipes-containers/podman/podman_git.bb | 123 |
1 files changed, 97 insertions, 26 deletions
diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
index 5db9ed2f..441f1fc8 100644
--- a/recipes-containers/podman/podman_git.bb
+++ b/recipes-containers/podman/podman_git.bb
@@ -6,57 +6,64 @@ DESCRIPTION = "Podman is a daemonless container engine for developing, \ `alias docker=podman`. \ " +inherit features_check +REQUIRED_DISTRO_FEATURES ?= "seccomp ipv6" + DEPENDS = " \ go-metalinter-native \ - go-md2man-native \ gpgme \ libseccomp \ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ + gettext-native \ " -python __anonymous() { - msg = "" - # ERROR: Nothing PROVIDES 'libseccomp' (but meta-virtualization/recipes-containers/podman/ DEPENDS on or otherwise requires it). - # ERROR: Required build target 'meta-world-pkgdata' has no buildable providers. - # Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'podman', 'libseccomp'] - if 'security' not in d.getVar('BBFILE_COLLECTIONS').split(): - msg += "Make sure meta-security should be present as it provides 'libseccomp'" - raise bb.parse.SkipRecipe(msg) -} - -SRCREV = "b7ce1157b00af09f4a09e39b377aa3abff46ee05" +SRCREV = "bb81e85a430fa95d23a15b77c717fd68bf06ebf2" SRC_URI = " \ - git://github.com/containers/libpod.git;branch=master \ + git://github.com/containers/libpod.git;branch=v5.0;protocol=https;destsuffix=${GO_SRCURI_DESTSUFFIX} \ + ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://50-podman-rootless.conf', '', d)} \ + file://run-ptest \ " LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e" +LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=3d9b931fa23ab1cacd0087f9e2ee12c0" GO_IMPORT = "import" S = "${WORKDIR}/git" -PV = "1.7.0+git${SRCREV}" +PV = "5.0.1+git" + +CVE_STATUS[CVE-2022-2989] = "fixed-version: fixed since v4.3.0" +CVE_STATUS[CVE-2023-0778] = "fixed-version: fixed since v4.5.0" PACKAGES =+ "${PN}-contrib" PODMAN_PKG = "github.com/containers/libpod" + +BUILDTAGS_EXTRA ?= "${@bb.utils.contains('VIRTUAL-RUNTIME_container_networking','cni','cni','',d)}" BUILDTAGS ?= "seccomp varlink \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \ -exclude_graphdriver_btrfs 
exclude_graphdriver_devicemapper" +exclude_graphdriver_btrfs exclude_graphdriver_devicemapper ${BUILDTAGS_EXTRA}" # overide LDFLAGS to allow podman to build without: "flag provided but not # defined: -Wl,-O1 export LDFLAGS="" +# https://github.com/llvm/llvm-project/issues/53999 +TOOLCHAIN = "gcc" + +# podmans Makefile expects BUILDFLAGS to be set but go.bbclass defines them in GOBUILDFLAGS +export BUILDFLAGS="${GOBUILDFLAGS}" + inherit go goarch -inherit systemd pkgconfig +inherit container-host +inherit systemd pkgconfig ptest do_configure[noexec] = "1" EXTRA_OEMAKE = " \ PREFIX=${prefix} BINDIR=${bindir} LIBEXECDIR=${libexecdir} \ ETCDIR=${sysconfdir} TMPFILESDIR=${nonarch_libdir}/tmpfiles.d \ - SYSTEMDDIR=${systemd_unitdir}/system USERSYSTEMDDIR=${systemd_unitdir}/user \ + SYSTEMDDIR=${systemd_unitdir}/system USERSYSTEMDDIR=${systemd_user_unitdir} \ " # remove 'docker' from the packageconfig if you don't want podman to @@ -78,8 +85,6 @@ do_compile() { cd ${S}/src/.gopath/src/"${PODMAN_PKG}" - oe_runmake cmd/podman/varlink/iopodman.go GO=go - # Pass the needed cflags/ldflags so that cgo # can find the needed headers files and libraries export GOARCH=${TARGET_GOARCH} 
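Review bot: `PV = "5.0.1+git"` is now a hand-maintained string next to a `SRCREV` on `branch=v5.0`, and both the CVE scan and the two new `CVE_STATUS[...] = "fixed-version: ..."` entries are only meaningful if that version really matches the pinned commit. Nothing in the hunk records which tag the hash corresponds to, so a later SRCREV bump that forgets PV would make the scanner report against the wrong release. A comment above SRCREV such as `# v5.0.1 release commit on branch v5.0 - bump PV together with SRCREV` (after confirming the hash is that tag) would make this checkable. Separately, the `BUILDTAGS` context line still carries `varlink` although this commit drops the varlink generation step from do_compile, so that tag looks stale and could be removed.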
@@ -87,25 +92,91 @@ do_compile() { export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" - oe_runmake BUILDTAGS="${BUILDTAGS}" + # podman now builds go-md2man and requires the host/build details + export NATIVE_GOOS=${BUILD_GOOS} + export NATIVE_GOARCH=${BUILD_GOARCH} + + oe_runmake NATIVE_GOOS=${BUILD_GOOS} NATIVE_GOARCH=${BUILD_GOARCH} BUILDTAGS="${BUILDTAGS}" } do_install() { cd ${S}/src/.gopath/src/"${PODMAN_PKG}" + export GOARCH="${BUILD_GOARCH}" + export GOPATH="${S}/src/.gopath" + export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go" + oe_runmake install DESTDIR="${D}" if ${@bb.utils.contains('PACKAGECONFIG', 'docker', 'true', 'false', d)}; then oe_runmake install.docker DESTDIR="${D}" fi + + # Silence docker emulation warnings. + mkdir -p ${D}/etc/containers + touch ${D}/etc/containers/nodocker + + if ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'true', 'false', d)}; then + install -d "${D}${sysconfdir}/sysctl.d" + install -m 0644 "${UNPACKDIR}/50-podman-rootless.conf" "${D}${sysconfdir}/sysctl.d" + install -d "${D}${sysconfdir}/containers" + cat <<-EOF >> "${D}${sysconfdir}/containers/containers.conf" + [NETWORK] + default_rootless_network_cmd="slirp4netns" + EOF + fi +} + +do_install_ptest () { + cp ${S}/src/import/Makefile ${D}${PTEST_PATH} + install -d ${D}${PTEST_PATH}/test + cp -r ${S}/src/import/test/system ${D}${PTEST_PATH}/test + + # Some compatibility links for the Makefile assumptions. 
+ install -d ${D}${PTEST_PATH}/bin + ln -s ${bindir}/podman ${D}${PTEST_PATH}/bin/podman + ln -s ${bindir}/podman-remote ${D}${PTEST_PATH}/bin/podman-remote } -FILES_${PN} += " \ +FILES:${PN} += " \ ${systemd_unitdir}/system/* \ - ${systemd_unitdir}/user/* \ + ${nonarch_libdir}/systemd/* \ + ${systemd_user_unitdir}/* \ ${nonarch_libdir}/tmpfiles.d/* \ + ${datadir}/user-tmpfiles.d/* \ ${sysconfdir}/cni \ " -RDEPENDS_${PN} += "conmon virtual/runc iptables cni skopeo" -RRECOMMENDS_${PN} += "slirp4netns" -RCONFLICTS_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', 'docker', '', d)}" +SYSTEMD_SERVICE:${PN} = "podman.service podman.socket" + +# The other option for this is "busybox", since meta-virt ensures +# that busybox is configured with nsenter +VIRTUAL-RUNTIME_base-utils-nsenter ?= "util-linux-nsenter" + +COMPATIBLE_HOST = "^(?!mips).*" + +RDEPENDS:${PN} += "\ + catatonit conmon ${VIRTUAL-RUNTIME_container_runtime} iptables libdevmapper ${VIRTUAL-RUNTIME_container_networking} ${VIRTUAL-RUNTIME_base-utils-nsenter} \ + ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'fuse-overlayfs slirp4netns', '', d)} \ +" +RRECOMMENDS:${PN} += "slirp4netns \ + kernel-module-xt-masquerade \ + kernel-module-xt-comment \ + kernel-module-xt-mark \ + kernel-module-xt-addrtype \ + kernel-module-xt-conntrack \ + kernel-module-xt-tcpudp \ + " +RCONFLICTS:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', 'docker', '', d)}" + +RDEPENDS:${PN}-ptest += " \ + bash \ + bats \ + buildah \ + coreutils \ + file \ + gnupg \ + jq \ + make \ + skopeo \ + tar \ +" |
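Review bot: `SYSTEMD_SERVICE:${PN} = "podman.service podman.socket"` registers the API socket with systemd.bbclass, whose default for `SYSTEMD_AUTO_ENABLE` is `enable`, so unless the recipe overrides it outside this hunk, every image that installs podman will have the root-owned API socket listening at boot. Images that only use the CLI do not need that listener, and access to the socket amounts to root-level control of containers on the host, so I would default it off with `SYSTEMD_AUTO_ENABLE:${PN} ?= "disable"` and let API users opt in. In do_install, `mkdir -p ${D}/etc/containers` and `touch ${D}/etc/containers/nodocker` hard-code `/etc` while the rootless branch just below uses `${sysconfdir}`; `install -d "${D}${sysconfdir}/containers"` in both places would keep them consistent.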