On Tue, Apr 06, 2021 at 08:58:13AM -0400, Bruce Ashfield wrote: > On Sat, Apr 3, 2021 at 3:51 PM Martin Jansa <[email protected]> wrote: > > > > * PNBLACKLISTs are IMHO a bit easier to read and easier to override from > > distro > > which e.g. provides own recipe for libseccomp > > Thanks Martin, > > I'm trying to decide if I should just give up and make meta-security a > hard/full layer dependency. More and more of the container components > just don't work if we don't have seccomp enabled.
Agreed, but Armin also mentioned that he plans to send libseccomp to meta-oe, so this PNBLACKLIST change should be only temporary until that happens. And I can imagine some people pulling libseccomp to their layer already (instead of adding whole meta-security) and then being able to simply set PNBLACKLIST to empty for these recipes would be much easier than undoing the anonymous python (witch is imho impossible without overlaying whole recipe except the function). > But I agree that the blacklist technique is easier to read than the > proliferating anonymous python. I'll merge it while I ponder the above > question. > > On that topic, would adding meta-security as a layer dependency cause > any issues in your setup/distros/builds ? I wouldn't call it my setup anymore, but I'm just going through PNBLACKLISTs used in webOS OSE: https://github.com/webosose/meta-webosose/blob/master/meta-webos/conf/distro/include/webos-recipe-blacklist.inc https://github.com/webosose/meta-webosose/blob/master/meta-webos-virtualization/conf/layer.conf#L19 and fixing some of them or moving them to the layer where the issue is introduced. In webOS OSE setup this libseccomp issue is kind of special, because it already includes meta-security layer, but BBMASKs all its content except smack recipes which are actively used: https://github.com/webosose/meta-webosose/blob/master/meta-webos-smack/conf/layer.conf#L10 so these 3-4 PNBLACKLISTs will need to stay in OSE anyway even with the conditional on security-layer, I'll just move it to meta-webos-smack where the BBMASK is being set: https://github.com/shr-project/meta-webosose/commit/430589dbae6c8616d69692e65a3da40d2b192277 at least until libseccomp is in meta-oe and I'll be able to drop this as well. And who know when LGE will update webOS OSE from currently used dunfell release, so whatever you decide in meta-virtualization is fine with me :). Cheers, > > Signed-off-by: Martin Jansa <[email protected]> > > --- > > recipes-containers/cri-o/cri-o_git.bb | 16 +--------------- > > recipes-containers/podman/podman_git.bb | 10 +--------- > > .../packagegroups/packagegroup-container.bb | 10 +--------- > > 3 files changed, 3 insertions(+), 33 deletions(-) > > > > diff --git a/recipes-containers/cri-o/cri-o_git.bb > > b/recipes-containers/cri-o/cri-o_git.bb > > index 2d6187a..0ac5ddc 100644 > > --- a/recipes-containers/cri-o/cri-o_git.bb > > +++ b/recipes-containers/cri-o/cri-o_git.bb > > @@ -43,21 +43,7 @@ RDEPENDS_${PN} = " \ > > libdevmapper \ > > " > > > > -python __anonymous() { > > - msg = "" > > - # ERROR: Nothing PROVIDES 'libseccomp' (but > > /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb > > DEPENDS on or otherwise requires it). > > - # ERROR: Required build target 'meta-world-pkgdata' has no buildable > > providers. > > - # Missing or unbuildable dependency chain was: ['meta-world-pkgdata', > > 'cri-o', 'libseccomp'] > > - if 'security' not in d.getVar('BBFILE_COLLECTIONS').split(): > > - msg += "Make sure meta-security should be present as it provides > > 'libseccomp'" > > - raise bb.parse.SkipRecipe(msg) > > - # ERROR: Nothing PROVIDES 'libselinux' (but > > /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb > > DEPENDS on or otherwise requires it). > > - # ERROR: Required build target 'meta-world-pkgdata' has no buildable > > providers. > > - # Missing or unbuildable dependency chain was: ['meta-world-pkgdata', > > 'cri-o', 'libselinux'] > > - elif 'selinux' not in d.getVar('BBFILE_COLLECTIONS').split(): > > - msg += "Make sure meta-selinux should be present as it provides > > 'libselinux'" > > - raise bb.parse.SkipRecipe(msg) > > -} > > +PNBLACKLIST[cri-o] ?= "${@bb.utils.contains('BBFILE_COLLECTIONS', > > 'security', bb.utils.contains('BBFILE_COLLECTIONS', 'selinux', '', 'Depends > > on libselinux from meta-selinux which is not included', d), 'Depends on > > libseccomp from meta-security which is not included', d)}" > > > > PACKAGES =+ "${PN}-config" > > > > diff --git a/recipes-containers/podman/podman_git.bb > > b/recipes-containers/podman/podman_git.bb > > index a552a7f..62ae024 100644 > > --- a/recipes-containers/podman/podman_git.bb > > +++ b/recipes-containers/podman/podman_git.bb > > @@ -14,15 +14,7 @@ DEPENDS = " \ > > ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ > > " > > > > -python __anonymous() { > > - msg = "" > > - # ERROR: Nothing PROVIDES 'libseccomp' (but > > meta-virtualization/recipes-containers/podman/ DEPENDS on or otherwise > > requires it). > > - # ERROR: Required build target 'meta-world-pkgdata' has no buildable > > providers. > > - # Missing or unbuildable dependency chain was: ['meta-world-pkgdata', > > 'podman', 'libseccomp'] > > - if 'security' not in d.getVar('BBFILE_COLLECTIONS').split(): > > - msg += "Make sure meta-security should be present as it provides > > 'libseccomp'" > > - raise bb.parse.SkipRecipe(msg) > > -} > > +PNBLACKLIST[podman] ?= "${@bb.utils.contains('BBFILE_COLLECTIONS', > > 'security', '', 'Depends on libseccomp from meta-security which is not > > included', d)}" > > > > SRCREV = "288fb688964cb7fc7086d0728daa1f5f6b726dd6" > > SRC_URI = " \ > > diff --git a/recipes-core/packagegroups/packagegroup-container.bb > > b/recipes-core/packagegroups/packagegroup-container.bb > > index b3b0d4c..b06a7c7 100644 > > --- a/recipes-core/packagegroups/packagegroup-container.bb > > +++ b/recipes-core/packagegroups/packagegroup-container.bb > > @@ -44,12 +44,4 @@ RDEPENDS_packagegroup-containerd = " \ > > virtual/containerd \ > > " > > > > -python __anonymous() { > > - msg = "" > > - # ERROR: Nothing PROVIDES 'libseccomp' (but > > meta-virtualization/recipes-containers/podman/ DEPENDS on or otherwise > > requires it). > > - # ERROR: Required build target 'meta-world-pkgdata' has no buildable > > providers. > > - # Missing or unbuildable dependency chain was: ['meta-world-pkgdata', > > 'podman', 'libseccomp'] > > - if 'security' not in d.getVar('BBFILE_COLLECTIONS').split(): > > - msg += "Make sure meta-security should be present as it provides > > 'libseccomp'" > > - raise bb.parse.SkipRecipe(msg) > > -} > > +PNBLACKLIST[packagegroup-container] ?= > > "${@bb.utils.contains('BBFILE_COLLECTIONS', 'security', '', 'Depends on > > podman which depends on libseccomp from meta-security which is not > > included', d)}" > > -- > > 2.30.2 > > > > > > > > > > > -- > - Thou shalt not follow the NULL pointer, for chaos and madness await > thee at its end > - "Use the force Harry" - Gandalf, Star Trek II
signature.asc
Description: PGP signature
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6317): https://lists.yoctoproject.org/g/meta-virtualization/message/6317 Mute This Topic: https://lists.yoctoproject.org/mt/81831764/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
