commit:     da6983c24d9d82773475b644f2f4e749da8b7d03
Author:     Rahil Bhimjiani <rahil3108 <AT> gmail <DOT> com>
AuthorDate: Tue Sep 26 17:57:03 2023 +0000
Commit:     Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Sat Sep 30 02:20:19 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da6983c2

app-containers/podman: add 4.7.0 & live

Major rewrite based on upstream's instructions. Introducing 3 more USE
flags - systemd, seccomp, wrapper (provides docker command)

Closes: https://github.com/gentoo/gentoo/pull/33070
Closes: https://bugs.gentoo.org/911537
Signed-off-by: Rahil Bhimjiani <rahil3108 <AT> gmail.com>
Signed-off-by: Zac Medico <zmedico <AT> gentoo.org>

 app-containers/podman/Manifest                     |   1 +
 .../podman/files/seccomp-toggle-4.7.0.patch        |  15 +++
 app-containers/podman/metadata.xml                 |   5 +-
 app-containers/podman/podman-4.7.0.ebuild          | 122 +++++++++++++++++++++
 app-containers/podman/podman-9999.ebuild           | 122 +++++++++++++++++++++
 5 files changed, 264 insertions(+), 1 deletion(-)

diff --git a/app-containers/podman/Manifest b/app-containers/podman/Manifest
index b41ed4569ea4..027ecbfb28a0 100644
--- a/app-containers/podman/Manifest
+++ b/app-containers/podman/Manifest
@@ -1 +1,2 @@
 DIST podman-4.5.0.tar.gz 17423692 BLAKE2B 
ba28e77626bb4bcdb85b20031e12cf93f2eb3174b678cb8e99557df13e2cdf377ea402eb373a51ea44302f878f8e1cdedda14a2f3ad8c9e88895754fc50c272e
 SHA512 
8a699dc01fc3d7c4a9e5ef4f166170303fc30e0f6695c61f763944e1cb755e75896108e0c4166d184fe49e3a6859f045aa3883047ebba9290e851fc128d77cac
+DIST podman-4.7.0.tar.gz 20554573 BLAKE2B 
a98e52ec9fe48d5b70489ed6bd6961877cf67735048425ad30fe9de3e163f8266d6510c37b0c43effa90cc8ce1b39bdc46c5add90dabd8f78c79602824f132a6
 SHA512 
4cab8698a819cd42de4cb588978c94c91b0c85693db2476aa6d20d7f4e4a7674d417703f70bdbb5a0e94b678fd585ae03a95ff0e5b7eb2682d9f400b92915742

diff --git a/app-containers/podman/files/seccomp-toggle-4.7.0.patch 
b/app-containers/podman/files/seccomp-toggle-4.7.0.patch
new file mode 100644
index 000000000000..17a09b601369
--- /dev/null
+++ b/app-containers/podman/files/seccomp-toggle-4.7.0.patch
@@ -0,0 +1,15 @@
+--- a/Makefile
++++ b/Makefile
+@@ -57,7 +57,11 @@
+       $(shell hack/systemd_tag.sh) \
+       $(shell hack/libsubid_tag.sh) \
+       exclude_graphdriver_devicemapper \
+-      seccomp
++
++BUILD_SECCOMP ?= yes
++ifeq ($(BUILD_SECCOMP),yes)
++BUILDTAGS += seccomp
++endif
+ # N/B: This value is managed by Renovate, manual changes are
+ # possible, as long as they don't disturb the formatting
+ # (i.e. DO NOT ADD A 'v' prefix!)
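Review bot: The new toggle fails open: `ifeq ($(BUILD_SECCOMP),yes)` drops the `seccomp` build tag for every value other than the exact string `yes`, so `1`, `true`, `Yes` or an empty assignment on the command line silently produces a build without the tag. Because the tag gates a sandboxing feature, I would reject unknown values right after the `?=` default with `ifeq ($(filter yes no,$(BUILD_SECCOMP)),)`, `$(error BUILD_SECCOMP must be yes or no)` and `endif`. The ebuilds in this commit pass `$(usex seccomp)`, which only yields `yes` or `no`, so the guard does not change their behaviour. The `BUILDTAGS` assignment this hunk edits starts above the visible context.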

diff --git a/app-containers/podman/metadata.xml 
b/app-containers/podman/metadata.xml
index 59685cf20a43..93c2b60cc389 100644
--- a/app-containers/podman/metadata.xml
+++ b/app-containers/podman/metadata.xml
@@ -28,7 +28,7 @@
                        necessary kernel flags.
                </flag>
                <flag name="cgroup-hybrid">
-                       Default to hybrid (legacy) cgroup hierarchy instead of 
unified (modern).
+                       Use legacy (hybrid) cgroups instead of modern (unified) 
cgroups
                </flag>
                <flag name="fuse">
                        Enables fuse dependencies (fuse-overlayfs is especially 
useful
@@ -40,6 +40,9 @@
                <flag name="rootless">
                        Enables dependencies for running in rootless mode.
                </flag>
+               <flag name="wrapper">
+                       Install wrapper which lets use podman for command 
`docker`
+               </flag>
        </use>
        <upstream>
                <remote-id type="github">containers/podman</remote-id>

diff --git a/app-containers/podman/podman-4.7.0.ebuild 
b/app-containers/podman/podman-4.7.0.ebuild
new file mode 100644
index 000000000000..2c7ededf36fd
--- /dev/null
+++ b/app-containers/podman/podman-4.7.0.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit go-module tmpfiles linux-info
+
+DESCRIPTION="A tool for managing OCI containers and pods with 
Docker-compatible CLI"
+HOMEPAGE="https://github.com/containers/podman/ https://podman.io/";
+if [[ ${PV} == *9999* ]]; then
+       inherit git-r3
+       EGIT_REPO_URI="https://github.com/containers/podman.git";
+else
+       SRC_URI="https://github.com/containers/podman/archive/v${PV}.tar.gz -> 
${P}.tar.gz"
+       KEYWORDS="~amd64 ~arm64 ~riscv"
+fi
+LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
+SLOT="0"
+IUSE="apparmor btrfs cgroup-hybrid wrapper +fuse +init +rootless +seccomp 
selinux systemd"
+RESTRICT="test"
+
+RDEPEND="
+       app-crypt/gpgme:=
+       >=app-containers/conmon-2.0.0
+       >=app-containers/containers-common-0.56.0
+       dev-libs/libassuan:=
+       dev-libs/libgpg-error:=
+       sys-apps/shadow:=
+
+       apparmor? ( sys-libs/libapparmor )
+       btrfs? ( sys-fs/btrfs-progs )
+       cgroup-hybrid? ( >=app-containers/runc-1.0.0_rc6  )
+       !cgroup-hybrid? ( app-containers/crun )
+       wrapper? ( !app-containers/docker-cli )
+       fuse? ( sys-fs/fuse-overlayfs )
+       init? ( app-containers/catatonit )
+       rootless? ( app-containers/slirp4netns )
+       seccomp? ( sys-libs/libseccomp:= )
+       selinux? ( sec-policy/selinux-podman sys-libs/libselinux:= )
+       systemd? ( sys-apps/systemd:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+       dev-go/go-md2man
+"
+
+PATCHES=(
+       "${FILESDIR}/seccomp-toggle-4.7.0.patch"
+)
+
+CONFIG_CHECK="
+       ~USER_NS
+"
+
+pkg_setup() {
+       use btrfs && CONFIG_CHECK+=" ~BTRFS_FS"
+       linux-info_pkg_setup
+}
+
+src_prepare() {
+       default
+       local file
+       for file in apparmor_tag btrfs_installed_tag btrfs_tag selinux_tag 
systemd_tag; do
+               [[ -f hack/"${file}".sh ]] || die
+       done
+
+       local feature
+       for feature in apparmor selinux systemd; do
+               cat <<-EOF > hack/"${feature}"_tag.sh || die
+               #!/usr/bin/env bash
+               $(usex ${feature} "echo ${feature}" echo)
+EOF
+       done
+
+       echo -e "#!/usr/bin/env bash\n echo" > hack/btrfs_installed_tag.sh || 
die
+       cat <<-EOF > hack/btrfs_tag.sh || die
+       #!/usr/bin/env bash
+       $(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
+EOF
+}
+
+src_compile() {
+       export PREFIX="${EPREFIX}/usr"
+       emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" 
BUILD_SECCOMP="$(usex seccomp)" all $(usev wrapper docker-docs)
+}
+
+src_install() {
+       emake DESTDIR="${D}" install install.completions $(usev wrapper 
install.docker-full)
+
+       insinto /etc/cni/net.d
+       doins cni/87-podman-bridge.conflist
+
+       newconfd "${FILESDIR}"/podman.confd podman
+       newinitd "${FILESDIR}"/podman.initd podman
+
+       insinto /etc/logrotate.d
+       newins "${FILESDIR}/podman.logrotated" podman
+
+       keepdir /var/lib/containers
+}
+
+pkg_preinst() {
+       PODMAN_ROOTLESS_UPGRADE=false
+       if use rootless; then
+               has_version 'app-containers/podman[rootless]' || 
PODMAN_ROOTLESS_UPGRADE=true
+       fi
+}
+
+pkg_postinst() {
+       tmpfiles_process podman.conf $(usev wrapper podman-docker.conf)
+
+       local want_newline=false
+       if [[ ${PODMAN_ROOTLESS_UPGRADE} == true ]] ; then
+               ${want_newline} && elog ""
+               elog "For rootless operation, you need to configure 
subuid/subgid"
+               elog "for user running podman. In case subuid/subgid has only 
been"
+               elog "configured for root, run:"
+               elog "usermod --add-subuids 1065536-1131071 <user>"
+               elog "usermod --add-subgids 1065536-1131071 <user>"
+               want_newline=true
+       fi
+}
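Review bot: `USE=-seccomp` is now a supported configuration, but nothing in `pkg_postinst` tells the administrator that the installed podman was built without the `seccomp` tag and so presumably cannot apply a syscall filter to containers. With the flag enabled, `CONFIG_CHECK` still only covers `~USER_NS`. I would add `use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"` in `pkg_setup` next to the btrfs line, and `use seccomp || ewarn "podman was built without seccomp support; containers run without a syscall filter"` in `pkg_postinst`. podman-9999.ebuild in this commit has the same blob id (2c7ededf36fd), so the same applies there. Separately, `want_newline` is tested immediately after being set to `false` and never read again, so the `${want_newline} && elog ""` line is dead code.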

diff --git a/app-containers/podman/podman-9999.ebuild 
b/app-containers/podman/podman-9999.ebuild
new file mode 100644
index 000000000000..2c7ededf36fd
--- /dev/null
+++ b/app-containers/podman/podman-9999.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit go-module tmpfiles linux-info
+
+DESCRIPTION="A tool for managing OCI containers and pods with 
Docker-compatible CLI"
+HOMEPAGE="https://github.com/containers/podman/ https://podman.io/";
+if [[ ${PV} == *9999* ]]; then
+       inherit git-r3
+       EGIT_REPO_URI="https://github.com/containers/podman.git";
+else
+       SRC_URI="https://github.com/containers/podman/archive/v${PV}.tar.gz -> 
${P}.tar.gz"
+       KEYWORDS="~amd64 ~arm64 ~riscv"
+fi
+LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
+SLOT="0"
+IUSE="apparmor btrfs cgroup-hybrid wrapper +fuse +init +rootless +seccomp 
selinux systemd"
+RESTRICT="test"
+
+RDEPEND="
+       app-crypt/gpgme:=
+       >=app-containers/conmon-2.0.0
+       >=app-containers/containers-common-0.56.0
+       dev-libs/libassuan:=
+       dev-libs/libgpg-error:=
+       sys-apps/shadow:=
+
+       apparmor? ( sys-libs/libapparmor )
+       btrfs? ( sys-fs/btrfs-progs )
+       cgroup-hybrid? ( >=app-containers/runc-1.0.0_rc6  )
+       !cgroup-hybrid? ( app-containers/crun )
+       wrapper? ( !app-containers/docker-cli )
+       fuse? ( sys-fs/fuse-overlayfs )
+       init? ( app-containers/catatonit )
+       rootless? ( app-containers/slirp4netns )
+       seccomp? ( sys-libs/libseccomp:= )
+       selinux? ( sec-policy/selinux-podman sys-libs/libselinux:= )
+       systemd? ( sys-apps/systemd:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+       dev-go/go-md2man
+"
+
+PATCHES=(
+       "${FILESDIR}/seccomp-toggle-4.7.0.patch"
+)
+
+CONFIG_CHECK="
+       ~USER_NS
+"
+
+pkg_setup() {
+       use btrfs && CONFIG_CHECK+=" ~BTRFS_FS"
+       linux-info_pkg_setup
+}
+
+src_prepare() {
+       default
+       local file
+       for file in apparmor_tag btrfs_installed_tag btrfs_tag selinux_tag 
systemd_tag; do
+               [[ -f hack/"${file}".sh ]] || die
+       done
+
+       local feature
+       for feature in apparmor selinux systemd; do
+               cat <<-EOF > hack/"${feature}"_tag.sh || die
+               #!/usr/bin/env bash
+               $(usex ${feature} "echo ${feature}" echo)
+EOF
+       done
+
+       echo -e "#!/usr/bin/env bash\n echo" > hack/btrfs_installed_tag.sh || 
die
+       cat <<-EOF > hack/btrfs_tag.sh || die
+       #!/usr/bin/env bash
+       $(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
+EOF
+}
+
+src_compile() {
+       export PREFIX="${EPREFIX}/usr"
+       emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" 
BUILD_SECCOMP="$(usex seccomp)" all $(usev wrapper docker-docs)
+}
+
+src_install() {
+       emake DESTDIR="${D}" install install.completions $(usev wrapper 
install.docker-full)
+
+       insinto /etc/cni/net.d
+       doins cni/87-podman-bridge.conflist
+
+       newconfd "${FILESDIR}"/podman.confd podman
+       newinitd "${FILESDIR}"/podman.initd podman
+
+       insinto /etc/logrotate.d
+       newins "${FILESDIR}/podman.logrotated" podman
+
+       keepdir /var/lib/containers
+}
+
+pkg_preinst() {
+       PODMAN_ROOTLESS_UPGRADE=false
+       if use rootless; then
+               has_version 'app-containers/podman[rootless]' || 
PODMAN_ROOTLESS_UPGRADE=true
+       fi
+}
+
+pkg_postinst() {
+       tmpfiles_process podman.conf $(usev wrapper podman-docker.conf)
+
+       local want_newline=false
+       if [[ ${PODMAN_ROOTLESS_UPGRADE} == true ]] ; then
+               ${want_newline} && elog ""
+               elog "For rootless operation, you need to configure 
subuid/subgid"
+               elog "for user running podman. In case subuid/subgid has only 
been"
+               elog "configured for root, run:"
+               elog "usermod --add-subuids 1065536-1131071 <user>"
+               elog "usermod --add-subgids 1065536-1131071 <user>"
+               want_newline=true
+       fi
+}
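Review bot: `PATCHES` in the live ebuild applies the version-named `seccomp-toggle-4.7.0.patch` to whatever upstream HEAD is at build time, so an upstream edit near the `BUILDTAGS` block will make `src_prepare` die; the patch context even includes a Renovate-managed comment. The failure is loud rather than silent, which is the right direction for a security toggle, but the coupling is undocumented. I would add a comment above the array such as `# Adds BUILD_SECCOMP to upstream Makefile; context tracks the BUILDTAGS block, refresh on upstream changes and drop once upstream provides the knob`. It would also help to give the `die` calls in `src_prepare` a message, for example `die "hack/${file}.sh missing, upstream layout changed"`, so a breakage on HEAD is diagnosable from the build log.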
