sysext: Add podman sysext
Enabled user session dbus in base image to support podman rootless mode.
Extension images can now be created from multiple packages by separating
them with a comma. The podman sysext includes app-containers/podman and
net-misc/passt.
It can be enabled by adding podman to /etc/flatcar/enabled-sysext.conf.
Potential TODO: gpgme had to be added as BDEPEND to podman ebuild.
JeWe37 authored and pothos committed May 3, 2024
1 parent 425a6df commit cd849d6
Showing 77 changed files with 1,872 additions and 7 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/portage-stable-packages-list
Expand Up @@ -553,6 +553,8 @@ sys-fs/udisks
sys-fs/xfsprogs
sys-fs/zfs
sys-fs/zfs-kmod
app-containers/podman
net-misc/passt

sys-kernel/linux-headers

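Review bot: The two new entries, app-containers/podman and net-misc/passt, are inserted inside the sys-fs/ run (after sys-fs/zfs-kmod, before the sys-kernel/ block), while the visible neighbours appear to be grouped by category. Moving them into their own app-containers/ and net-misc/ groups would keep the list consistent and avoid merge churn the next time the sys-fs block changes.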
1 change: 1 addition & 0 deletions build_library/extra_sysexts.sh
@@ -1,3 +1,4 @@
EXTRA_SYSEXTS=(
zfs:sys-fs/zfs
podman:app-containers/podman,net-misc/passt
)
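Review bot: The entry format is now a small mini-language (`name:pkg[,pkg...]`, split on the first `:` and then on `,` by create_prod_sysexts in build_library/prod_image_util.sh), but nothing in this file says so. A header comment above the array would save the next reader a trip to the consumer, e.g. `# Format: <name>:<category/pkg>[,<category/pkg>...]; the resulting image is named flatcar-<name>.` The parsing itself lives in build_library/prod_image_util.sh, outside this hunk.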
5 changes: 3 additions & 2 deletions build_library/prod_image_util.sh
Expand Up @@ -255,7 +255,8 @@ create_prod_sysexts() {
local to_upload=()
for sysext in "${EXTRA_SYSEXTS[@]}"; do
local name="flatcar-${sysext%:*}"
local pkg="${sysext#*:}"
local pkgs="${sysext#*:}"
local pkg_array=(${pkgs//,/ })
local mangle_script="${BUILD_LIBRARY_DIR}/sysext_mangle_${name}"
if [[ ! -x "${mangle_script}" ]]; then
mangle_script=
Expand All @@ -267,7 +268,7 @@ create_prod_sysexts() {
--squashfs_base="${BUILD_DIR}/${image_sysext_base}" \
--image_builddir="${BUILD_DIR}" \
${mangle_script:+--manglefs_script=${mangle_script}} \
"${name}" "${pkg}"
"${name}" "${pkg_array[@]}"
delta_generator \
-private_key "/usr/share/update_engine/update-payload-key.key.pem" \
-new_image "${BUILD_DIR}/${name}.raw" \
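Review bot: `local pkg_array=(${pkgs//,/ })` on the new line relies on an unquoted expansion for word-splitting, so the elements are also subject to pathname expansion and to whatever IFS is in effect; ShellCheck flags exactly this pattern (SC2206). Splitting on the delimiter explicitly avoids both: `local pkg_array` followed by `IFS=, read -r -a pkg_array <<< "${pkgs}"`. The values come from the EXTRA_SYSEXTS array rather than from outside the build, so this is hygiene rather than an exposure, but the second hunk hands `"${pkg_array[@]}"` straight to the sysext builder, so a stray glob match would silently become an extra package. create_prod_sysexts begins before the first hunk and continues after the second.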
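--- a/build_library/sysext_mangle_flatcar-podman
+++ b/build_library/sysext_mangle_flatcar-podman
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -euo pipefail
+rootfs="${1}"
+
+pushd "${rootfs}"
+
+rm -rf ./usr/{lib/debug/,lib64/cmake/,lib64/pkgconfig,include/,share/fish,share/aclocal,share/SLSA}
+
+mkdir -p ./usr/share/podman/etc
+cp -a ./etc/{fuse.conf,containers} ./usr/share/podman/etc/
+
+cat <<EOF >>./usr/lib/tmpfiles.d/podman.conf
+C /etc/containers - - - - /usr/share/podman/etc/containers
+C /etc/fuse.conf - - - - /usr/share/podman/etc/fuse.conf
+w /etc/subuid - - - - core:1065536:65536
+w /etc/subgid - - - - core:1065536:65536
+EOF
+
+popd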
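Review bot: The `w /etc/subuid` and `w /etc/subgid` tmpfiles lines replace the whole file rather than add a line: per tmpfiles.d(5), `w` writes its argument to an existing file (truncating it) and does nothing when the file is absent, while `w+` appends. On a node where the operator has already provisioned subordinate ranges for other users, every tmpfiles run would wipe them, and if the base image does not ship /etc/subuid at all (not visible here) the core range is never written. If the intent is only to seed a default, `f /etc/subuid - - - - core:1065536:65536` creates the file with that content when missing and leaves an existing one alone; whichever semantics are intended deserve a comment on those two lines. Separately, `pushd`/`popd` print the directory stack to stdout, so `pushd "${rootfs}" >/dev/null` keeps the mangle output clean.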
6 changes: 6 additions & 0 deletions build_packages
Expand Up @@ -38,6 +38,8 @@ DEFINE_boolean skip_chroot_upgrade "${FLAGS_FALSE}" \
"Don't run the chroot upgrade automatically; use with care."
DEFINE_boolean only_resolve_circular_deps "${FLAGS_FALSE}" \
"Don't build all packages; only resolve circular dependencies, then stop."
DEFINE_boolean debug_emerge "${FLAGS_FALSE}" \
"Enable debug output for emerge."

# include upload options
. "${BUILD_LIBRARY_DIR}/release_util.sh" || exit 1
Expand Down Expand Up @@ -163,6 +165,10 @@ if [[ "${FLAGS_rebuild}" -eq "${FLAGS_TRUE}" ]]; then
EMERGE_FLAGS+=( --rebuild-if-unbuilt )
fi

if [[ "${FLAGS_debug_emerge}" -eq "${FLAGS_TRUE}" ]]; then
EMERGE_FLAGS+=( --debug )
fi

# Build cros_workon packages when they are changed.
CROS_WORKON_PKGS=()
if [ "${FLAGS_workon}" -eq "${FLAGS_TRUE}" ]; then
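Review bot: The help text on the new `debug_emerge` flag, `"Enable debug output for emerge."`, understates what the option does: as I read emerge(1), `--debug` also runs the ebuild bash environment with `-x`, so every command the builds execute is traced into the log together with its expanded arguments. That is what makes the flag useful, but it is also why it should stay off in any shared CI run whose build environment may hold credentials; suggest `"Enable emerge --debug (very verbose; traces every ebuild command into the build log)."` The second hunk's `EMERGE_FLAGS+=( --debug )` block matches the --rebuild-if-unbuilt block just above it, so the wiring itself looks fine.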
1 change: 1 addition & 0 deletions changelog/changes/2024-05-03-podman.md
@@ -0,0 +1 @@
- Provided a Podman Flatcar extension as optional systemd-sysext image with the release. Write 'podman' to `/etc/flatcar/enabled-sysext.conf` through Ignition and the sysext will be installed during provisioning ([scripts#1964](https://github.com/flatcar/scripts/pull/1964))
Expand Up @@ -36,4 +36,6 @@ RDEPEND="
coreos-base/flatcar-eks
net-misc/chrony
sys-fs/zfs
app-containers/podman
net-misc/passt
"
Expand Up @@ -137,9 +137,7 @@ multilib_src_configure() {
--disable-kqueue
$(use_enable elogind)
$(use_enable systemd)
# Flatcar: disable user sessions
# $(use_enable systemd user-session)
--disable-user-session
$(use_enable systemd user-session)
--disable-embedded-tests
--disable-modular-tests
$(use_enable debug stats)
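Review bot: Dropping the Flatcar override restores `$(use_enable systemd user-session)`, which, as I understand the configure switch, installs the systemd user units for the session bus and so turns the per-user dbus on for every node built from the base image, not only for hosts that enable the podman sysext. The commit message gives the reason, but the only changelog entry in this commit (changelog/changes/2024-05-03-podman.md) describes the podman extension and says nothing about the base image now shipping a user session bus; a second changelog line for that would let operators who audit per-user services and sockets know where the new ones came from. The enclosing multilib_src_configure() starts before and ends after this hunk.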
@@ -0,0 +1,2 @@
DIST aardvark-dns-v1.10.0-vendor.tar.gz 6283889 BLAKE2B cb69144eabf876e418667782171273541bbc416b456193780b4d7f1d22ad03e18f06ec0d6b1e51e21eab912317bd61dd73266d717fa97a81b4314a3c7d14776a SHA512 68d0106b71f42ba789810020d62911d880debf90a35a086aabfd614403985025dc0c5934087a98943b53f6dfd8ede4add99465cec1ae9a098ff1de1082e1ef9c
DIST aardvark-dns-1.10.0.crate 51028 BLAKE2B 81cdc4eb7eaff7359a1a12657b2bc42603383cf0f80a3a599ce9ce277e15ad83e9d5b36c3de3bef15b3201a1e60d86286ad61469d1d58ba2252b4c0174506ea2 SHA512 3d67f1b3c66aeaf4878c09e5e8fc34717cea6c348e0295bc0521c0c4144433656a3306731c24bb362a0e340e652b036b7544e544cca99b61590547bd7a6ce629
@@ -0,0 +1,47 @@
# Copyright 2023-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=8

[[ ${PV} == 9999* ]] || CRATES="${PN}@${PV}"
inherit cargo

DESCRIPTION="A container-focused DNS server"
HOMEPAGE="https://github.com/containers/aardvark-dns"

if [[ ${PV} == 9999* ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/containers/aardvark-dns.git"
else
SRC_URI="${CARGO_CRATE_URIS}"
SRC_URI+="https://github.com/containers/aardvark-dns/releases/download/v${PV}/${PN}-v${PV}-vendor.tar.gz"
KEYWORDS="amd64 arm64 ~ppc64 ~riscv"
fi

# main
LICENSE="Apache-2.0"
# deps
LICENSE+=" 0BSD Apache-2.0-with-LLVM-exceptions MIT Unlicense Unicode-DFS-2016 ZLIB"
SLOT="0"
QA_FLAGS_IGNORED="usr/libexec/podman/${PN}"
QA_PRESTRIPPED="usr/libexec/podman/${PN}"
ECARGO_VENDOR="${WORKDIR}/vendor"

src_unpack() {
if [[ ${PV} == 9999* ]]; then
git-r3_src_unpack
cargo_live_src_unpack
else
cargo_src_unpack
fi
}

src_prepare() {
default
sed -i -e "s|m0755 bin|m0755 target/$(usex debug debug release)|g;" Makefile || die
}

src_install() {
export PREFIX="${EPREFIX}"/usr
default
}
@@ -0,0 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>[email protected]</email>
<name>Zac Medico</name>
</maintainer>
<maintainer type="person" proxied="yes">
<email>[email protected]</email>
<name>Rahil Bhimjiani</name>
</maintainer>
<maintainer type="project" proxied="proxy">
<email>[email protected]</email>
<name>Proxy Maintainers</name>
</maintainer>
<longdescription lang="en">
Aardvark-dns is an authoritative dns server for A/AAAA container
records. It can forward other requests to configured resolvers.
</longdescription>
<upstream>
<remote-id type="github">containers/aardvark-dns</remote-id>
<bugs-to>https://github.com/containers/aardvark-dns/issues</bugs-to>
<doc>https://github.com/containers/aardvark-dns/blob/main/README.md</doc>
</upstream>
</pkgmetadata>
@@ -0,0 +1 @@
DIST catatonit-0.2.0.tar.gz 16608 BLAKE2B 27b6ed1148aaef963140c42e2cb6a7a8c9c25f01eef62cf519c3b1c230c8f30838f5b9cb54bf0b37b1194084f3f0c750e20316738a330d6a01c830b71b45623c SHA512 115e72002e35bb2a03919f9422a9cb2d9a0e4f087862d4ffd20e9508af6d67efc359a577ec059574f2f6c98966a1f080b65dffc8dfb83b3c2ed48e63e2aeac3b
@@ -0,0 +1,31 @@
# Copyright 2022-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=8

inherit autotools

DESCRIPTION="A container init that is so simple it's effectively brain-dead"
HOMEPAGE="https://github.com/openSUSE/catatonit"

if [[ ${PV} == 9999* ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/openSUSE/catatonit.git"
else
SRC_URI="https://github.com/openSUSE/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
KEYWORDS="amd64 arm64 ~ppc64 ~riscv"
fi

LICENSE="GPL-2+"
SLOT="0"

src_prepare() {
default
eautoreconf
}

src_install() {
default
dodir /usr/libexec/podman
dosym -r /usr/bin/"${PN}" /usr/libexec/podman/"${PN}"
}
@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>[email protected]</email>
</maintainer>
<maintainer type="person" proxied="yes">
<email>[email protected]</email>
<name>Rahil Bhimjiani</name>
</maintainer>
<maintainer type="project" proxied="proxy">
<email>[email protected]</email>
<name>Proxy Maintainers</name>
</maintainer>
<upstream>
<remote-id type="github">openSUSE/catatonit</remote-id>
<bugs-to>https://github.com/openSUSE/catatonit/issues</bugs-to>
<doc>https://github.com/openSUSE/catatonit/blob/main/README.md</doc>
</upstream>
</pkgmetadata>
@@ -0,0 +1 @@
DIST conmon-2.1.10.tar.gz 121047 BLAKE2B 14b4c2d541607eac0af6b335f35bd506c9a6c3d2b4e4e3ad79f32550385e90b6f7533f505565f90fb4bb1f42d528c41e9ddc7ec275c16ee982a6d0afe1c65bff SHA512 ecf1a961f431b005b54faa68b5c1bcf31d448f994ca66a56f13002216074dba79b53b52a377d4f8dab08141d6c6cf44467352fbff37175135d3da84081b27a18
@@ -0,0 +1,49 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=8

inherit toolchain-funcs

DESCRIPTION="An OCI container runtime monitor"
HOMEPAGE="https://github.com/containers/conmon"

if [[ ${PV} == 9999* ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/containers/conmon.git"
else
SRC_URI="https://github.com/containers/conmon/archive/v${PV}.tar.gz -> ${P}.tar.gz"
KEYWORDS="amd64 arm64 ~ppc64 ~riscv"
fi

LICENSE="Apache-2.0"
SLOT="0"
IUSE="+seccomp systemd"
RESTRICT="test"

RDEPEND="dev-libs/glib:=
seccomp? ( sys-libs/libseccomp )
systemd? ( sys-apps/systemd:= )"
DEPEND="${RDEPEND}"
BDEPEND="dev-go/go-md2man"
PATCHES=(
"${FILESDIR}/conmon-2.1.8-Makefile.patch"
)

src_prepare() {
default
sed -i -e "s|shell.*--exists libsystemd.* && echo \"0\"|shell echo $(usex systemd 0 1)|g;" Makefile || die
echo -e "#!/usr/bin/env bash\necho $(usex seccomp 0 1)" > hack/seccomp-notify.sh || die
}

src_compile() {
tc-export CC PKG_CONFIG
export PREFIX="${EPREFIX}/usr" GOMD2MAN=go-md2man
default
}

src_install() {
default
dodir /usr/libexec/podman
dosym ../../bin/"${PN}" /usr/libexec/podman/"${PN}"
}
@@ -0,0 +1,60 @@
# https://github.com/containers/conmon/pull/482
# https://github.com/containers/conmon/pull/456
From 26f8263a2e5c7bff1e2d5985a8a3d5f07ab3b0b0 Mon Sep 17 00:00:00 2001
From: Rahil Bhimjiani <[email protected]>
Date: Tue, 26 Sep 2023 03:21:49 +0530
Subject: [PATCH] Remove checks for (long)deprecated libsystemd-journal in
favor of libsystemd

https://bugzilla.redhat.com/show_bug.cgi?id=1350301#c2

Signed-off-by: Rahil Bhimjiani <[email protected]>
---
Makefile | 5 +----
meson.build | 5 +----
2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index 5e6c0d39..40df8e3d 100644
--- a/Makefile
+++ b/Makefile
@@ -38,10 +38,7 @@ override CFLAGS += $(shell $(PKG_CONFIG) --cflags glib-2.0) -DVERSION=\"$(VERSIO
# "pkg-config --exists" will error if the package doesn't exist. Make can only compare
# output of commands, so the echo commands are to allow pkg-config to error out, make to catch it,
# and allow the compilation to complete.
-ifeq ($(shell $(PKG_CONFIG) --exists libsystemd-journal && echo "0"), 0)
- override LIBS += $(shell $(PKG_CONFIG) --libs libsystemd-journal)
- override CFLAGS += $(shell $(PKG_CONFIG) --cflags libsystemd-journal) -D USE_JOURNALD=1
-else ifeq ($(shell $(PKG_CONFIG) --exists libsystemd && echo "0"), 0)
+ifeq ($(shell $(PKG_CONFIG) --exists libsystemd && echo "0"), 0)
override LIBS += $(shell $(PKG_CONFIG) --libs libsystemd)
override CFLAGS += $(shell $(PKG_CONFIG) --cflags libsystemd) -D USE_JOURNALD=1
endif
diff --git a/meson.build b/meson.build
index 336e48f3..b454e349 100644
--- a/meson.build
+++ b/meson.build
@@ -47,10 +47,7 @@ else
libdl = cc.find_library('dl')
endif

-sd_journal = dependency('libsystemd-journal', required : false)
-if not sd_journal.found()
- sd_journal = dependency('libsystemd', required : false)
-endif
+sd_journal = dependency('libsystemd', required : false)
if sd_journal.found()
add_project_arguments('-DUSE_JOURNALD=1', language : 'c')
endif
diff --git a/docs/Makefile b/docs/Makefile
index af20d2b8..25987664 100644
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -1,6 +1,6 @@
PREFIX ?= /usr/local
DATADIR := ${PREFIX}/share
MANDIR := $(DATADIR)/man
-GOMD2MAN = ../tools/build/go-md2man
+GOMD2MAN ?= ../tools/build/go-md2man

docs: $(patsubst %.md,%,$(wildcard *.8.md))
@@ -0,0 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>[email protected]</email>
<name>Zac Medico</name>
</maintainer>
<maintainer type="person" proxied="yes">
<email>[email protected]</email>
<name>Rahil Bhimjiani</name>
</maintainer>
<maintainer type="project" proxied="proxy">
<email>[email protected]</email>
<name>Proxy Maintainers</name>
</maintainer>
<upstream>
<remote-id type="github">containers/conmon</remote-id>
<bugs-to>https://github.com/containers/conmon/issues</bugs-to>
<doc>https://github.com/containers/conmon/blob/main/README.md</doc>
</upstream>
</pkgmetadata>
@@ -0,0 +1 @@
DIST containers-common-0.58.0.tar.gz 13164567 BLAKE2B 17795eec2d38b4d8b9d6afeb20e249208c5ae2ac767a365ef7313d1e7c36eadb9a9eb284a657dfe3f4fcb0577448d4883fabbad76e0318425fdc03809e27cd7c SHA512 6f569d68d3b0e5ead304c7f23341808d66a47b6352c772d353d50c5f4777cd8a5a5b85d6faaf2887f828c17ec49b9c5f929177a67294b5bbb69baa80656982a8