These are arguably new functionality, so shouldn't be backported. But they are quite simple and make the series much simpler to apply, so I ended up taking the change.
Bruce

In message: [meta-virtualization][kirkstone][PATCH 07/10] skopeo: use container-host bbclass to provide configuration
on 01/03/2023 Chen Qi wrote:

> From: Bruce Ashfield <[email protected]>
>
> Instead of providing storage and registries configuration files
> in this package, we inherit container-host which will provide a
> common definition of these configs.
>
> This allows multiple packages to ensure that the configuration
> files are present, and not conflict in their installation.
>
> Signed-off-by: Bruce Ashfield <[email protected]>
> --- > .../skopeo/files/registries.conf | 25 --- > recipes-containers/skopeo/files/storage.conf | 195 ------------------ > recipes-containers/skopeo/skopeo_git.bb | 7 +- > 3 files changed, 2 insertions(+), 225 deletions(-) > delete mode 100644 recipes-containers/skopeo/files/registries.conf > delete mode 100644 recipes-containers/skopeo/files/storage.conf > > diff --git a/recipes-containers/skopeo/files/registries.conf > b/recipes-containers/skopeo/files/registries.conf > deleted file mode 100644 > index ba6c3f6..0000000 > --- a/recipes-containers/skopeo/files/registries.conf > +++ /dev/null 
> @@ -1,25 +0,0 @@ > -# This is a system-wide configuration file used to > -# keep track of registries for various container backends. > -# It adheres to TOML format and does not support recursive > -# lists of registries. > - > -# The default location for this configuration file is > /etc/containers/registries.conf. > - > -# The only valid categories are: 'registries.search', 'registries.insecure', > -# and 'registries.block'. > - > -[registries.search] > -registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', > 'registry.access.redhat.com', 'registry.centos.org'] > - > -# If you need to access insecure registries, add the registry's > fully-qualified name. > -# An insecure registry is one that does not have a valid SSL certificate or > only does HTTP. > -[registries.insecure] > -registries = [] > - > - > -# If you need to block pull access from a registry, uncomment the section > below > -# and add the registries fully-qualified name. > -# > -# Docker only > -[registries.block] > -registries = [] > diff --git a/recipes-containers/skopeo/files/storage.conf > b/recipes-containers/skopeo/files/storage.conf > deleted file mode 100644 > index 722750c..0000000 > --- a/recipes-containers/skopeo/files/storage.conf > +++ /dev/null 
> @@ -1,195 +0,0 @@ > -# This file is is the configuration file for all tools > -# that use the containers/storage library. > -# See man 5 containers-storage.conf for more information > -# The "container storage" table contains all of the server options. > -[storage] > - > -# Default Storage Driver, Must be set for proper operation. > -driver = "overlay" > - > -# Temporary storage location > -runroot = "/run/containers/storage" > - > -# Primary Read/Write location of container storage > -graphroot = "/var/lib/containers/storage" > - > -# Storage path for rootless users > -# > -# rootless_storage_path = "$HOME/.local/share/containers/storage" > - > -[storage.options] > -# Storage options to be passed to underlying storage drivers > - > -# AdditionalImageStores is used to pass paths to additional Read/Only image > stores > -# Must be comma separated list. > -additionalimagestores = [ > -] > - > -# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside > of > -# a container, to the UIDs/GIDs as they should appear outside of the > container, > -# and the length of the range of UIDs/GIDs. Additional mapped sets can be > -# listed and will be heeded by libraries, but there are limits to the number > of > -# mappings which the kernel will allow when you later attempt to run a > -# container. > -# > -# remap-uids = 0:1668442479:65536 > -# remap-gids = 0:1668442479:65536 > - > -# Remap-User/Group is a user name which can be used to look up one or more > UID/GID > -# ranges in the /etc/subuid or /etc/subgid file. Mappings are set up > starting > -# with an in-container ID of 0 and then a host-level ID taken from the lowest > -# range that matches the specified name, and using the length of that range. > -# Additional ranges are then assigned, using the ranges which specify the > -# lowest host-level IDs first, to the lowest not-yet-mapped in-container ID, > -# until all of the entries have been used for maps. 
> -# > -# remap-user = "containers" > -# remap-group = "containers" > - > -# Root-auto-userns-user is a user name which can be used to look up one or > more UID/GID > -# ranges in the /etc/subuid and /etc/subgid file. These ranges will be > partitioned > -# to containers configured to create automatically a user namespace. > Containers > -# configured to automatically create a user namespace can still overlap with > containers > -# having an explicit mapping set. > -# This setting is ignored when running as rootless. > -# root-auto-userns-user = "storage" > -# > -# Auto-userns-min-size is the minimum size for a user namespace created > automatically. > -# auto-userns-min-size=1024 > -# > -# Auto-userns-max-size is the minimum size for a user namespace created > automatically. > -# auto-userns-max-size=65536 > - > -[storage.options.overlay] > -# ignore_chown_errors can be set to allow a non privileged user running with > -# a single UID within a user namespace to run containers. The user can pull > -# and use any image even those with multiple uids. Note multiple UIDs will > be > -# squashed down to the default uid in the container. These images will have > no > -# separation between the users in the container. Only supported for the > overlay > -# and vfs drivers. > -#ignore_chown_errors = "false" > - > -# Inodes is used to set a maximum inodes of the container image. > -# inodes = "" > - > -# Path to an helper program to use for mounting the file system instead of > mounting it > -# directly. > -#mount_program = "/usr/bin/fuse-overlayfs" > - > -# mountopt specifies comma separated list of extra mount options > -mountopt = "nodev" > - > -# Set to skip a PRIVATE bind mount on the storage home directory. > -# skip_mount_home = "false" > - > -# Size is used to set a maximum size of the container image. > -# size = "" > - > -# ForceMask specifies the permissions mask that is used for new files and > -# directories. 
> -# > -# The values "shared" and "private" are accepted. > -# Octal permission masks are also accepted. > -# > -# "": No value specified. > -# All files/directories, get set with the permissions identified within > the > -# image. > -# "private": it is equivalent to 0700. > -# All files/directories get set with 0700 permissions. The owner has rwx > -# access to the files. No other users on the system can access the files. > -# This setting could be used with networked based homedirs. > -# "shared": it is equivalent to 0755. > -# The owner has rwx access to the files and everyone else can read, > access > -# and execute them. This setting is useful for sharing containers storage > -# with other users. For instance have a storage owned by root but shared > -# to rootless users as an additional store. > -# NOTE: All files within the image are made readable and executable by > any > -# user on the system. Even /etc/shadow within your image is now readable > by > -# any user. > -# > -# OCTAL: Users can experiment with other OCTAL Permissions. > -# > -# Note: The force_mask Flag is an experimental feature, it could change in > the > -# future. When "force_mask" is set the original permission mask is stored > in > -# the "user.containers.override_stat" xattr and the "mount_program" option > must > -# be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the > -# extended attribute permissions to processes within containers rather then > the > -# "force_mask" permissions. > -# > -# force_mask = "" > - > -[storage.options.thinpool] > -# Storage Options for thinpool > - > -# autoextend_percent determines the amount by which pool needs to be > -# grown. This is specified in terms of % of pool size. So a value of 20 means > -# that when threshold is hit, pool will be grown by 20% of existing > -# pool size. > -# autoextend_percent = "20" > - > -# autoextend_threshold determines the pool extension threshold in terms > -# of percentage of pool size. 
For example, if threshold is 60, that means > when > -# pool is 60% full, threshold has been hit. > -# autoextend_threshold = "80" > - > -# basesize specifies the size to use when creating the base device, which > -# limits the size of images and containers. > -# basesize = "10G" > - > -# blocksize specifies a custom blocksize to use for the thin pool. > -# blocksize="64k" > - > -# directlvm_device specifies a custom block storage device to use for the > -# thin pool. Required if you setup devicemapper. > -# directlvm_device = "" > - > -# directlvm_device_force wipes device even if device already has a > filesystem. > -# directlvm_device_force = "True" > - > -# fs specifies the filesystem type to use for the base device. > -# fs="xfs" > - > -# log_level sets the log level of devicemapper. > -# 0: LogLevelSuppress 0 (Default) > -# 2: LogLevelFatal > -# 3: LogLevelErr > -# 4: LogLevelWarn > -# 5: LogLevelNotice > -# 6: LogLevelInfo > -# 7: LogLevelDebug > -# log_level = "7" > - > -# min_free_space specifies the min free space percent in a thin pool require > for > -# new device creation to succeed. Valid values are from 0% - 99%. > -# Value 0% disables > -# min_free_space = "10%" > - > -# mkfsarg specifies extra mkfs arguments to be used when creating the base > -# device. > -# mkfsarg = "" > - > -# metadata_size is used to set the `pvcreate --metadatasize` options when > -# creating thin devices. Default is 128k > -# metadata_size = "" > - > -# Size is used to set a maximum size of the container image. > -# size = "" > - > -# use_deferred_removal marks devicemapper block device for deferred removal. > -# If the thinpool is in use when the driver attempts to remove it, the driver > -# tells the kernel to remove it as soon as possible. Note this does not free > -# up the disk space, use deferred deletion to fully remove the thinpool. > -# use_deferred_removal = "True" > - > -# use_deferred_deletion marks thinpool device for deferred deletion. 
> -# If the device is busy when the driver attempts to delete it, the driver > -# will attempt to delete device every 30 seconds until successful. > -# If the program using the driver exits, the driver will continue attempting > -# to cleanup the next time the driver is used. Deferred deletion permanently > -# deletes the device and all data stored in device will be lost. > -# use_deferred_deletion = "True" > - > -# xfs_nospace_max_retries specifies the maximum number of retries XFS should > -# attempt to complete IO when ENOSPC (no space) error is returned by > -# underlying storage device. > -# xfs_nospace_max_retries = "0" > diff --git a/recipes-containers/skopeo/skopeo_git.bb > b/recipes-containers/skopeo/skopeo_git.bb > index d32c525..12a24b0 100644 > --- a/recipes-containers/skopeo/skopeo_git.bb > +++ b/recipes-containers/skopeo/skopeo_git.bb > @@ -22,8 +22,6 @@ RDEPENDS:${PN} = " \ > SRC_URI = " \ > git://github.com/containers/skopeo;branch=main;protocol=https \ > file://0001-Makefile-use-pkg-config-instead-of-gpgme-config.patch \ > - file://storage.conf \ > - file://registries.conf \ > " > > SRCREV = "3e2defd6d37b742adde2aac6cb01f6c3c17da8e2" > @@ -35,6 +33,8 @@ S = "${WORKDIR}/git" > inherit goarch > inherit pkgconfig > > +inherit container-host > + > # This CVE was fixed in the container image go library skopeo is using. > # See: > # https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214 > @@ -81,9 +81,6 @@ do_install() { > > install ${S}/src/import/bin/skopeo ${D}/${sbindir}/ > install ${S}/src/import/default-policy.json > ${D}/${sysconfdir}/containers/policy.json > - > - install ${WORKDIR}/storage.conf > ${D}/${sysconfdir}/containers/storage.conf > - install ${WORKDIR}/registries.conf > ${D}/${sysconfdir}/containers/registries.conf > } > > do_install:append:class-native() { > -- > 2.37.1 > > > >
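
Review bot: the deleted registries.conf held the only visible definition of `[registries.insecure]` (`registries = []`) and of the search list under `[registries.search]`, and nothing in this patch shows what container-host installs in its place. Please name in the commit message the patch in the series that adds the class, and state whether its registries.conf keeps the insecure list empty and the same search registries, so the kirkstone backport does not change which registries are reached without a valid certificate or searched for short image names.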
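
Review bot: in the deleted storage.conf, `mountopt = "nodev"` under `[storage.options.overlay]` is one of the few uncommented settings (with `driver = "overlay"`, runroot and graphroot), and its replacement is not part of this patch. Confirm that the file provided through container-host still sets `mountopt = "nodev"` and the same driver and storage paths, or list the differences in the commit message, since skopeo's storage behaviour now depends on a file reviewed elsewhere.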
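
Review bot: `inherit container-host` in the skopeo_git.bb hunk at `@@ -35,6 +33,8 @@` is added unconditionally, while the recipe also has a `do_install:append:class-native()` further down, so the class is pulled into the native build as well. Confirm that whatever the class adds to "provide a common definition of these configs" is valid for class-native, or restrict its effect to the target build.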
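
Review bot: after the two `install ${WORKDIR}/...` lines are removed in the do_install hunk, the function still writes `${D}/${sysconfdir}/containers/policy.json` from default-policy.json, so skopeo keeps owning one file in the directory whose other files move to the shared class. If the aim is that packages "not conflict in their installation", either explain why policy.json stays in this recipe or move it alongside storage.conf and registries.conf. It is also worth a line in the commit message that an image installing only skopeo now relies on the class for /etc/containers/storage.conf and /etc/containers/registries.conf being present.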
