Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

podman: Add selinux variant and several improvements

Browse source 
* add -selinux variant which depends on libselinux
* init script for background service
* updated configurations
* maintainer change as requested

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit abce423851)
This commit is contained in:
Oskari Rauta 2021-03-30 14:55:57 +03:00 committed by Daniel Golle
parent cb1d97d52a
commit 961551a85c
No known key found for this signature in database
GPG key ID: 5A8F39C31C3217CA
3 changed files with 63 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
utils/podman/Makefile
View file

@ -10,7 +10,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_LICENSE:=Apache-2.0 PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org> PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
PKG_BUILD_DEPENDS:=golang/host protobuf/host PKG_BUILD_DEPENDS:=golang/host protobuf/host
PKG_BUILD_PARALLEL:=1 PKG_BUILD_PARALLEL:=1
@ -19,8 +19,6 @@ PKG_USE_MIPS16:=0
GO_PKG:=github.com/containers/podman/ GO_PKG:=github.com/containers/podman/
GO_PKG_BUILD_PKG:=github.com/containers/podman/v2/cmd/podman/ GO_PKG_BUILD_PKG:=github.com/containers/podman/v2/cmd/podman/
GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
include ../../lang/golang/golang-package.mk include ../../lang/golang/golang-package.mk
@ -38,22 +36,54 @@ define Download/default-policy
HASH:=cddfaa8e6a7e5497b67cc0dd8e8517058d0c97de91bf46fff867528415f2d946 HASH:=cddfaa8e6a7e5497b67cc0dd8e8517058d0c97de91bf46fff867528415f2d946
endef endef
define Package/podman define Package/podman/Default
SECTION:=utils SECTION:=utils
CATEGORY:=Utilities CATEGORY:=Utilities
TITLE:=Podman TITLE:=Podman
DEPENDS:=$(GO_ARCH_DEPENDS) +conmon +cni +cni-plugins +btrfs-progs +glib2 +gnupg2 +iptables +libgpg-error +libseccomp +libgpgme +nsenter +zoneinfo-simple +kmod-veth
URL:=https://podman.io URL:=https://podman.io
DEPENDS:=$(GO_ARCH_DEPENDS) +conmon +cni +cni-plugins +btrfs-progs +glib2 +gnupg2 +iptables +libgpg-error +libseccomp +libgpgme +nsenter +zoneinfo-simple endef
define Package/podman
$(call Package/podman/Default)
CONFLICTS:=podman-selinux
VARIANT:=default
PROVIDES:=podman
endef
define Package/podman-selinux
$(call Package/podman/Default)
TITLE+= with SELinux support
DEPENDS+= libselinux
VARIANT:=selinux
PROVIDES:=podman
endef endef
define Package/podman/description define Package/podman/description
Podman: A tool for managing OCI containers and pods Podman: A tool for managing OCI containers and pods
endef endef
define Package/podman/conffiles define Package/podman-selinux/description
/etc/containers Podman: A tool for managing OCI containers and pods
SELinux enabled.
endef endef
define Package/podman/conffiles
/etc/containers/policy.json
/etc/containers/storage.conf
/etc/containers/registries.conf
/etc/containers/containers.conf
/etc/cni/net.d/87-podman-bridge.conflist
endef
Package/podman-selinux/conffiles = $(Package/podman/conffiles)
ifeq ($(BUILD_VARIANT),selinux)
GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper,selinux
else
GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper
endif
define Build/Prepare define Build/Prepare
$(call Build/Prepare/Default) $(call Build/Prepare/Default)
$(eval $(call Download,default-registries)) $(eval $(call Download,default-registries))
@ -69,7 +99,14 @@ define Package/podman/install
$(INSTALL_CONF) ./files/containers.conf $(1)/etc/containers/containers.conf $(INSTALL_CONF) ./files/containers.conf $(1)/etc/containers/containers.conf
$(INSTALL_DIR) $(1)/etc/cni/net.d $(INSTALL_DIR) $(1)/etc/cni/net.d
$(INSTALL_CONF) $(PKG_BUILD_DIR)/cni/87-podman-bridge.conflist $(1)/etc/cni/net.d/ $(INSTALL_CONF) $(PKG_BUILD_DIR)/cni/87-podman-bridge.conflist $(1)/etc/cni/net.d/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/podman.init $(1)/etc/init.d/podman
$(SED) 's/driver = \"\"/driver = \"overlay\"/g' $(1)/etc/containers/storage.conf
endef endef
Package/podman-selinux/install = $(Package/podman/install)
$(eval $(call GoBinPackage,podman)) $(eval $(call GoBinPackage,podman))
$(eval $(call BuildPackage,podman)) $(eval $(call BuildPackage,podman))
$(eval $(call GoBinPackage,podman-selinux))
$(eval $(call BuildPackage,podman-selinux))

10
utils/podman/files/containers.conf
View file

@ -7,19 +7,19 @@ network_config_dir="/etc/cni/net.d/"
default_network="podman" default_network="podman"
[engine] [engine]
runtime="/usr/sbin/crun" runtime="/usr/bin/crun"
# runtime="/usr/sbin/runc" # runtime="/usr/sbin/runc"
# runtime="/sbin/uxc" # runtime="/sbin/uxc"
# runtime_supports_nocgroups = ["crun", "uxc"] # runtime_supports_nocgroups = ["crun", "uxc"]
# runtime_supports_json = ["crun", "runc", "kata", "uxc"] # runtime_supports_json = ["crun", "runc", "kata", "uxc"]
[engine.runtimes] [engine.runtimes]
runc = [ crun = [
"/usr/sbin/runc", "/usr/bin/crun",
] ]
crun = [ runc = [
"/usr/bin/crun", "/usr/sbin/runc",
] ]
uxc = [ uxc = [

14
utils/podman/files/podman.init Executable file
View file

@ -0,0 +1,14 @@
#!/bin/sh /etc/rc.common
START=99
USE_PROCD=1
NAME=podman
PROG=/usr/bin/podman
start_service() {
[ -d /run/podman ] || mkdir -p /run/podman
procd_open_instance "podman"
procd_set_param command "$PROG" system service --time=0
procd_append_param command $command
procd_close_instance
}