On Fri, Jun 25, 2021 at 11:21 AM Bruce Ashfield via lists.yoctoproject.org <[email protected]> wrote: > > On Fri, Jun 25, 2021 at 11:18 AM Bruce Ashfield via > lists.yoctoproject.org > <[email protected]> wrote: > > > > On Fri, Jun 25, 2021 at 10:16 AM Diego Sueiro <[email protected]> wrote: > > > > > > I was getting the following when passing `--machines mymachine`: > > > ``` > > > ERROR: Nothing PROVIDES 'libseccomp' (but > > > meta-virtualization/recipes-containers/podman/podman_git.bb, > > > meta-virtualization/recipes-networking/slirp4netns/slirp4netns_0.4.1.bb > > > DEPENDS on or otherwise requires it) > > > > > > libseccomp was skipped: missing required distro feature 'seccomp' (not in > > > DISTRO_FEATURES) > > > ``` > > > > > > > > > > > > In a deeper investigation I found that the way mymachine was setting the > > > DISTRO_FEATURES (with `+=`) it was preventing the inclusion of the > > > `DISTRO_FEATURES_DEFAULT` > > > > > > > > > > > > But still, since in `meta/recipes-support/libseccomp/libseccomp_2.5.1.bb` > > > we have `REQUIRED_DISTRO_FEATURES = "seccomp"` don’t we need to add this > > > check on the recipes that depends on it? > > > In a quick grep on meta-virt, I suppose that if this is the case, we will > > > also need to update for cri-o_git.bb and crun_git.bb recipes. > > > > > > > Yes .. exactly :D > > > > > > > > > > > Or we can just remove `REQUIRED_DISTRO_FEATURES = "seccomp"` from > > > `meta/recipes-support/libseccomp/libseccomp_2.5.1.bb`? > > > > > > > That is the core of what I was asking. A package that is now in core, > > why is it only enabled by a distro feature ? > > > > And for clarity, I realize that the systemd recipe checks for the > systemd distro feature .. so that is similar. But systemd is one of > many init managers, so I can see why it is used.
I still don't have a better solution to this, and while I see about getting seccomp behaviour changed in core, I can get this into the tree. I've added the extra seccomp dependent recipes and expect to merge this on Wednesday. Bruce > > Bruce > > > That is causing the proliferation of checks in meta-virt (and other > > layers as well). With CNCF, seccomp is becoming required for proper > > operation on many different runtimes, so it really isn't optional. > > > > I was hoping for something centralized in the layer, but that of > > course forces seccomp on kvm/lxc/xen and other use cases that still > > (but I bet they will) don't need seccomp. > > > > Alternatively, I was thinking the core distro feature could drop, or > > that a backfill could be used .. but neither of those solve the short > > term issue with a no-seccomp distro. > > > > So I'm coming up empty in my search for something better, and will > > likely just apply the patch and continue to see about those other > > options. > > > > Bruce > > > > > > > > > > > -- > > > > > > Diego > > > > > > > > > > > > From: Martin Jansa <[email protected]> > > > Sent: 25 June 2021 13:49 > > > To: Bruce Ashfield <[email protected]> > > > Cc: Diego Sueiro <[email protected]>; > > > [email protected]; nd <[email protected]> > > > Subject: Re: [meta-virtualization][PATCH 1/3] podman: Add seccomp as > > > REQUIRED_DISTRO_FEATURES > > > > > > > > > > > > AB would use the new default DISTRO_FEATURES which already contain > > > seccomp. > > > > > > > > > > > > On Fri, Jun 25, 2021 at 2:46 PM Bruce Ashfield <[email protected]> > > > wrote: > > > > > > On Fri, Jun 25, 2021 at 4:11 AM Diego Sueiro <[email protected]> wrote: > > > > > > > > >-----Original Message----- > > > > >From: Bruce Ashfield <[email protected]> > > > > >Sent: 25 June 2021 03:49 > > > > >To: Martin Jansa <[email protected]> > > > > >Cc: Diego Sueiro <[email protected]>; meta- > > > > >[email protected]; nd <[email protected]> > > > > >Subject: Re: [meta-virtualization][PATCH 1/3] podman: Add seccomp as > > > > >REQUIRED_DISTRO_FEATURES > > > > > > > > > >On Thu, Jun 24, 2021 at 5:01 PM Martin Jansa <[email protected]> > > > > >wrote: > > > > >> > > > > >> This change is correct, libseccomp still requires seccomp in > > > > >DISTRO_FEATURES, so anything depending on it should have the same > > > > >restriction. > > > > >> > > > > > > > > > >Right, I understand how/why it works like this .. but it is super > > > > >clunky when we > > > > >can't just depend on something that is now in core, without needing to > > > > >sprinkle distro checks everywhere. > > > > > > > > > >As the list of recipes gets larger with that check, it really isn't an > > > > >optional distro > > > > >feature for using meta virt at all, and it would be nice if we could > > > > >just do the > > > > >check once and be done with it. > > > > > > > > Just a side note that these patches fix issues with yocto-check-layer. > > > > > > I've disagreed with check-layer before (and we've changed how it works) > > > > > > That being said, the layer is checked on the AB, and Richard hasn't > > > reported any issues. So clearly there's something wrong with the AB > > > test or with something else. > > > > > > > > > > > > Bruce > > > > > > > > > > > Diego > > > > > > > > > > > > > >Bruce > > > > > > > > > >> seccomp is now in default DISTRO_FEATURES, but not through BACKFILL > > > > >feature, so many existing DISTROs didn't get it automatically added and > > > > >requiring it is the right way to automatically skip such recipes. > > > > >> > > > > >> On Thu, Jun 24, 2021 at 12:45 PM Bruce Ashfield > > > > ><[email protected]> wrote: > > > > >>> > > > > >>> What branch are you working with ? > > > > >>> > > > > >>> Now that seccomp is in core, we no longer have those restrictions, > > > > >>> so > > > > >>> I assume this is on an older branch ? > > > > >>> > > > > >>> Bruce > > > > >>> > > > > >>> On Thu, Jun 24, 2021 at 3:00 PM Diego Sueiro <[email protected]> > > > > >wrote: > > > > >>> > > > > > >>> > The libseccomp package is only available if seccomp is in > > > > >DISTRO_FEATURES. > > > > >>> > > > > > >>> > Signed-off-by: Diego Sueiro <[email protected]> > > > > >>> > --- > > > > >>> > recipes-containers/podman/podman_git.bb | 3 +++ > > > > >>> > 1 file changed, 3 insertions(+) > > > > >>> > > > > > >>> > diff --git a/recipes-containers/podman/podman_git.bb > > > > >>> > b/recipes-containers/podman/podman_git.bb > > > > >>> > index 9dcb21c..351f38b 100644 > > > > >>> > --- a/recipes-containers/podman/podman_git.bb > > > > >>> > +++ b/recipes-containers/podman/podman_git.bb > > > > >>> > @@ -6,6 +6,9 @@ DESCRIPTION = "Podman is a daemonless container > > > > >engine for developing, \ > > > > >>> > `alias docker=podman`. \ > > > > >>> > " > > > > >>> > > > > > >>> > +inherit features_check > > > > >>> > +REQUIRED_DISTRO_FEATURES ?= "seccomp" > > > > >>> > + > > > > >>> > DEPENDS = " \ > > > > >>> > go-metalinter-native \ > > > > >>> > go-md2man-native \ > > > > >>> > -- > > > > >>> > 2.17.1 > > > > >>> > > > > > >>> > > > > > >>> > > > > > >>> > > > > > >>> > > > > >>> > > > > >>> -- > > > > >>> - Thou shalt not follow the NULL pointer, for chaos and madness > > > > >>> await > > > > >>> thee at its end > > > > >>> - "Use the force Harry" - Gandalf, Star Trek II > > > > >>> > > > > >>> > > > > >>> > > > > > > > > > > > > > > >-- > > > > >- Thou shalt not follow the NULL pointer, for chaos and madness await > > > > >thee at > > > > >its end > > > > >- "Use the force Harry" - Gandalf, Star Trek II > > > > > > > > > > > > -- > > > - Thou shalt not follow the NULL pointer, for chaos and madness await > > > thee at its end > > > - "Use the force Harry" - Gandalf, Star Trek II > > > > > > > > -- > > - Thou shalt not follow the NULL pointer, for chaos and madness await > > thee at its end > > - "Use the force Harry" - Gandalf, Star Trek II > > > > > > > > > -- > - Thou shalt not follow the NULL pointer, for chaos and madness await > thee at its end > - "Use the force Harry" - Gandalf, Star Trek II > > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6593): https://lists.yoctoproject.org/g/meta-virtualization/message/6593 Mute This Topic: https://lists.yoctoproject.org/mt/83767805/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
