From: Bruce Ashfield <[email protected]> Instead of providing storage and registries configuration files in this package, we inherit container-host which will provide a common definition of these configs.
This allows multiple packages to ensure that the configuration files are present, and not conflict in their installation. Signed-off-by: Bruce Ashfield <[email protected]> --- .../skopeo/files/registries.conf | 25 --- recipes-containers/skopeo/files/storage.conf | 195 ------------------ recipes-containers/skopeo/skopeo_git.bb | 7 +- 3 files changed, 2 insertions(+), 225 deletions(-) delete mode 100644 recipes-containers/skopeo/files/registries.conf delete mode 100644 recipes-containers/skopeo/files/storage.conf diff --git a/recipes-containers/skopeo/files/registries.conf b/recipes-containers/skopeo/files/registries.conf deleted file mode 100644 index ba6c3f6..0000000 --- a/recipes-containers/skopeo/files/registries.conf +++ /dev/null @@ -1,25 +0,0 @@ -# This is a system-wide configuration file used to -# keep track of registries for various container backends. -# It adheres to TOML format and does not support recursive -# lists of registries. - -# The default location for this configuration file is /etc/containers/registries.conf. - -# The only valid categories are: 'registries.search', 'registries.insecure', -# and 'registries.block'. - -[registries.search] -registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org'] - -# If you need to access insecure registries, add the registry's fully-qualified name. -# An insecure registry is one that does not have a valid SSL certificate or only does HTTP. -[registries.insecure] -registries = [] - - -# If you need to block pull access from a registry, uncomment the section below -# and add the registries fully-qualified name. -# -# Docker only -[registries.block] -registries = [] diff --git a/recipes-containers/skopeo/files/storage.conf b/recipes-containers/skopeo/files/storage.conf deleted file mode 100644 index 722750c..0000000 --- a/recipes-containers/skopeo/files/storage.conf +++ /dev/null @@ -1,195 +0,0 @@ -# This file is is the configuration file for all tools -# that use the containers/storage library. -# See man 5 containers-storage.conf for more information -# The "container storage" table contains all of the server options. -[storage] - -# Default Storage Driver, Must be set for proper operation. -driver = "overlay" - -# Temporary storage location -runroot = "/run/containers/storage" - -# Primary Read/Write location of container storage -graphroot = "/var/lib/containers/storage" - -# Storage path for rootless users -# -# rootless_storage_path = "$HOME/.local/share/containers/storage" - -[storage.options] -# Storage options to be passed to underlying storage drivers - -# AdditionalImageStores is used to pass paths to additional Read/Only image stores -# Must be comma separated list. -additionalimagestores = [ -] - -# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of -# a container, to the UIDs/GIDs as they should appear outside of the container, -# and the length of the range of UIDs/GIDs. Additional mapped sets can be -# listed and will be heeded by libraries, but there are limits to the number of -# mappings which the kernel will allow when you later attempt to run a -# container. -# -# remap-uids = 0:1668442479:65536 -# remap-gids = 0:1668442479:65536 - -# Remap-User/Group is a user name which can be used to look up one or more UID/GID -# ranges in the /etc/subuid or /etc/subgid file. Mappings are set up starting -# with an in-container ID of 0 and then a host-level ID taken from the lowest -# range that matches the specified name, and using the length of that range. -# Additional ranges are then assigned, using the ranges which specify the -# lowest host-level IDs first, to the lowest not-yet-mapped in-container ID, -# until all of the entries have been used for maps. -# -# remap-user = "containers" -# remap-group = "containers" - -# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID -# ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned -# to containers configured to create automatically a user namespace. Containers -# configured to automatically create a user namespace can still overlap with containers -# having an explicit mapping set. -# This setting is ignored when running as rootless. -# root-auto-userns-user = "storage" -# -# Auto-userns-min-size is the minimum size for a user namespace created automatically. -# auto-userns-min-size=1024 -# -# Auto-userns-max-size is the minimum size for a user namespace created automatically. -# auto-userns-max-size=65536 - -[storage.options.overlay] -# ignore_chown_errors can be set to allow a non privileged user running with -# a single UID within a user namespace to run containers. The user can pull -# and use any image even those with multiple uids. Note multiple UIDs will be -# squashed down to the default uid in the container. These images will have no -# separation between the users in the container. Only supported for the overlay -# and vfs drivers. -#ignore_chown_errors = "false" - -# Inodes is used to set a maximum inodes of the container image. -# inodes = "" - -# Path to an helper program to use for mounting the file system instead of mounting it -# directly. -#mount_program = "/usr/bin/fuse-overlayfs" - -# mountopt specifies comma separated list of extra mount options -mountopt = "nodev" - -# Set to skip a PRIVATE bind mount on the storage home directory. -# skip_mount_home = "false" - -# Size is used to set a maximum size of the container image. -# size = "" - -# ForceMask specifies the permissions mask that is used for new files and -# directories. -# -# The values "shared" and "private" are accepted. -# Octal permission masks are also accepted. -# -# "": No value specified. -# All files/directories, get set with the permissions identified within the -# image. -# "private": it is equivalent to 0700. -# All files/directories get set with 0700 permissions. The owner has rwx -# access to the files. No other users on the system can access the files. -# This setting could be used with networked based homedirs. -# "shared": it is equivalent to 0755. -# The owner has rwx access to the files and everyone else can read, access -# and execute them. This setting is useful for sharing containers storage -# with other users. For instance have a storage owned by root but shared -# to rootless users as an additional store. -# NOTE: All files within the image are made readable and executable by any -# user on the system. Even /etc/shadow within your image is now readable by -# any user. -# -# OCTAL: Users can experiment with other OCTAL Permissions. -# -# Note: The force_mask Flag is an experimental feature, it could change in the -# future. When "force_mask" is set the original permission mask is stored in -# the "user.containers.override_stat" xattr and the "mount_program" option must -# be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the -# extended attribute permissions to processes within containers rather then the -# "force_mask" permissions. -# -# force_mask = "" - -[storage.options.thinpool] -# Storage Options for thinpool - -# autoextend_percent determines the amount by which pool needs to be -# grown. This is specified in terms of % of pool size. So a value of 20 means -# that when threshold is hit, pool will be grown by 20% of existing -# pool size. -# autoextend_percent = "20" - -# autoextend_threshold determines the pool extension threshold in terms -# of percentage of pool size. For example, if threshold is 60, that means when -# pool is 60% full, threshold has been hit. -# autoextend_threshold = "80" - -# basesize specifies the size to use when creating the base device, which -# limits the size of images and containers. -# basesize = "10G" - -# blocksize specifies a custom blocksize to use for the thin pool. -# blocksize="64k" - -# directlvm_device specifies a custom block storage device to use for the -# thin pool. Required if you setup devicemapper. -# directlvm_device = "" - -# directlvm_device_force wipes device even if device already has a filesystem. -# directlvm_device_force = "True" - -# fs specifies the filesystem type to use for the base device. -# fs="xfs" - -# log_level sets the log level of devicemapper. -# 0: LogLevelSuppress 0 (Default) -# 2: LogLevelFatal -# 3: LogLevelErr -# 4: LogLevelWarn -# 5: LogLevelNotice -# 6: LogLevelInfo -# 7: LogLevelDebug -# log_level = "7" - -# min_free_space specifies the min free space percent in a thin pool require for -# new device creation to succeed. Valid values are from 0% - 99%. -# Value 0% disables -# min_free_space = "10%" - -# mkfsarg specifies extra mkfs arguments to be used when creating the base -# device. -# mkfsarg = "" - -# metadata_size is used to set the `pvcreate --metadatasize` options when -# creating thin devices. Default is 128k -# metadata_size = "" - -# Size is used to set a maximum size of the container image. -# size = "" - -# use_deferred_removal marks devicemapper block device for deferred removal. -# If the thinpool is in use when the driver attempts to remove it, the driver -# tells the kernel to remove it as soon as possible. Note this does not free -# up the disk space, use deferred deletion to fully remove the thinpool. -# use_deferred_removal = "True" - -# use_deferred_deletion marks thinpool device for deferred deletion. -# If the device is busy when the driver attempts to delete it, the driver -# will attempt to delete device every 30 seconds until successful. -# If the program using the driver exits, the driver will continue attempting -# to cleanup the next time the driver is used. Deferred deletion permanently -# deletes the device and all data stored in device will be lost. -# use_deferred_deletion = "True" - -# xfs_nospace_max_retries specifies the maximum number of retries XFS should -# attempt to complete IO when ENOSPC (no space) error is returned by -# underlying storage device. -# xfs_nospace_max_retries = "0" diff --git a/recipes-containers/skopeo/skopeo_git.bb b/recipes-containers/skopeo/skopeo_git.bb index d32c525..12a24b0 100644 --- a/recipes-containers/skopeo/skopeo_git.bb +++ b/recipes-containers/skopeo/skopeo_git.bb @@ -22,8 +22,6 @@ RDEPENDS:${PN} = " \ SRC_URI = " \ git://github.com/containers/skopeo;branch=main;protocol=https \ file://0001-Makefile-use-pkg-config-instead-of-gpgme-config.patch \ - file://storage.conf \ - file://registries.conf \ " SRCREV = "3e2defd6d37b742adde2aac6cb01f6c3c17da8e2" @@ -35,6 +33,8 @@ S = "${WORKDIR}/git" inherit goarch inherit pkgconfig +inherit container-host + # This CVE was fixed in the container image go library skopeo is using. # See: # https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214 @@ -81,9 +81,6 @@ do_install() { install ${S}/src/import/bin/skopeo ${D}/${sbindir}/ install ${S}/src/import/default-policy.json ${D}/${sysconfdir}/containers/policy.json - - install ${WORKDIR}/storage.conf ${D}/${sysconfdir}/containers/storage.conf - install ${WORKDIR}/registries.conf ${D}/${sysconfdir}/containers/registries.conf } do_install:append:class-native() { -- 2.37.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#7917): https://lists.yoctoproject.org/g/meta-virtualization/message/7917 Mute This Topic: https://lists.yoctoproject.org/mt/97311053/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
