The /etc/containers/policy.json[1] file is used to specify verification policy. For now, we can see it's used by both cri-o and skopeo. To avoid conflict, we use container-host-config to provide this file and make both skopeo and cri-o depend on it.
[1] https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md Signed-off-by: Chen Qi <[email protected]> Signed-off-by: Bruce Ashfield <[email protected]> --- .../container-host-config/container-host-config.bb | 2 ++ .../container-host-config/policy.json | 7 +++++++ recipes-containers/cri-o/cri-o_git.bb | 1 + recipes-containers/skopeo/skopeo_git.bb | 1 - 4 files changed, 10 insertions(+), 1 deletion(-) create mode 100755 recipes-containers/container-host-config/container-host-config/policy.json diff --git a/recipes-containers/container-host-config/container-host-config.bb b/recipes-containers/container-host-config/container-host-config.bb index c762dea..c2f17bf 100644 --- a/recipes-containers/container-host-config/container-host-config.bb +++ b/recipes-containers/container-host-config/container-host-config.bb @@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384 SRC_URI = " \ file://storage.conf \ file://registries.conf \ + file://policy.json \ " do_install() { @@ -15,4 +16,5 @@ do_install() { install ${WORKDIR}/storage.conf ${D}/${sysconfdir}/containers/storage.conf install ${WORKDIR}/registries.conf ${D}/${sysconfdir}/containers/registries.conf + install ${WORKDIR}/policy.json ${D}/${sysconfdir}/containers/policy.json } diff --git a/recipes-containers/container-host-config/container-host-config/policy.json b/recipes-containers/container-host-config/container-host-config/policy.json new file mode 100755 index 0000000..bb26e57 --- /dev/null +++ b/recipes-containers/container-host-config/container-host-config/policy.json @@ -0,0 +1,7 @@ +{ + "default": [ + { + "type": "insecureAcceptAnything" + } + ] +} diff --git a/recipes-containers/cri-o/cri-o_git.bb b/recipes-containers/cri-o/cri-o_git.bb index 2597942..d74a17f 100644 --- a/recipes-containers/cri-o/cri-o_git.bb +++ b/recipes-containers/cri-o/cri-o_git.bb @@ -57,6 +57,7 @@ inherit systemd inherit go inherit goarch inherit pkgconfig +inherit container-host EXTRA_OEMAKE="BUILDTAGS=''" diff --git a/recipes-containers/skopeo/skopeo_git.bb b/recipes-containers/skopeo/skopeo_git.bb index 12a24b0..e396e3a 100644 --- a/recipes-containers/skopeo/skopeo_git.bb +++ b/recipes-containers/skopeo/skopeo_git.bb @@ -80,7 +80,6 @@ do_install() { install -d ${D}/${sysconfdir}/containers install ${S}/src/import/bin/skopeo ${D}/${sbindir}/ - install ${S}/src/import/default-policy.json ${D}/${sysconfdir}/containers/policy.json } do_install:append:class-native() { -- 2.37.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#7919): https://lists.yoctoproject.org/g/meta-virtualization/message/7919 Mute This Topic: https://lists.yoctoproject.org/mt/97311055/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
