From 69fa809444d7ca0ecc63519e76790d2a321c9936 Mon Sep 17 00:00:00 2001 From: Matthias Dahl <matthias.dahl@binary-island.eu> Date: Sun, 24 Nov 2019 09:07:28 +0100 Subject: app-emulation/libpod: Add missing seccomp.json and crun runtime dep seccomp.json needs to be installed in /usr/share/containers and will be used by libpod as well as buildah. Without it, some containers will not work due to seccomp usage that is otherwise blocked. Fedora has switched to crun as the default container runtime. At the moment it is the only runtime that supports CGroup v2 which in-turn greatly helps with rootless mode. Support crun as an alternative to the runc dependency. Closes: https://bugs.gentoo.org/692118 Closes: https://github.com/gentoo/gentoo/pull/13743 Package-Manager: Portage-2.3.79, Repoman-2.3.18 Signed-off-by: Matthias Dahl <matthias.dahl@binary-island.eu> Signed-off-by: Zac Medico <zmedico@gentoo.org> --- app-emulation/libpod/libpod-1.6.3-r1.ebuild | 136 ++++++++++++++++++++++++++++ app-emulation/libpod/libpod-1.6.3.ebuild | 133 --------------------------- 2 files changed, 136 insertions(+), 133 deletions(-) create mode 100644 app-emulation/libpod/libpod-1.6.3-r1.ebuild delete mode 100644 app-emulation/libpod/libpod-1.6.3.ebuild (limited to 'app-emulation/libpod') diff --git a/app-emulation/libpod/libpod-1.6.3-r1.ebuild b/app-emulation/libpod/libpod-1.6.3-r1.ebuild new file mode 100644 index 000000000000..fbbde543c71c --- /dev/null +++ b/app-emulation/libpod/libpod-1.6.3-r1.ebuild @@ -0,0 +1,136 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +EGIT_COMMIT="9d087f6a766259ba53b224944f1b7b778035c370" + +inherit bash-completion-r1 flag-o-matic go-module + +DESCRIPTION="Library and podman tool for running OCI-based containers in Pods" +HOMEPAGE="https://github.com/containers/libpod/" +SRC_URI="https://github.com/containers/libpod/archive/v${PV}.tar.gz -> ${P}.tar.gz" +LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0" +SLOT="0" + +KEYWORDS="~amd64" +IUSE="apparmor btrfs ostree +rootless selinux" +REQUIRED_USE="!ostree" +RESTRICT="test" + +COMMON_DEPEND=" + app-crypt/gpgme:= + >=app-emulation/conmon-2.0.0 + || ( >=app-emulation/runc-1.0.0_rc6 app-emulation/crun ) + dev-libs/libassuan:= + dev-libs/libgpg-error:= + sys-fs/lvm2 + sys-libs/libseccomp:= + + apparmor? ( sys-libs/libapparmor ) + btrfs? ( sys-fs/btrfs-progs ) + rootless? ( app-emulation/slirp4netns ) + selinux? ( sys-libs/libselinux:= ) +" +DEPEND=" + ${COMMON_DEPEND} + dev-go/go-md2man" +RDEPEND="${COMMON_DEPEND}" + +src_prepare() { + default + + # Disable installation of python modules here, since those are + # installed by separate ebuilds. + sed -e '/^GIT_.*/d' \ + -e 's/$(GO) build/$(GO) build -v -work -x/' \ + -e 's/^\(install:.*\) install\.python$/\1/' \ + -i Makefile || die + + sed -e 's|OUTPUT="${CIRRUS_TAG:.*|OUTPUT='v${PV}'|' \ + -i hack/get_release_info.sh || die +} + +src_compile() { + # Filter unsupported linker flags + filter-flags '-Wl,*' + + [[ -f hack/apparmor_tag.sh ]] || die + if use apparmor; then + echo -e "#!/bin/sh\necho apparmor" > hack/apparmor_tag.sh || die + else + echo -e "#!/bin/sh\ntrue" > hack/apparmor_tag.sh || die + fi + + [[ -f hack/btrfs_installed_tag.sh ]] || die + if use btrfs; then + echo -e "#!/bin/sh\ntrue" > hack/btrfs_installed_tag.sh || die + else + echo -e "#!/bin/sh\necho exclude_graphdriver_btrfs" > \ + hack/btrfs_installed_tag.sh || die + fi + + [[ -f hack/selinux_tag.sh ]] || die + if use selinux; then + echo -e "#!/bin/sh\necho selinux" > hack/selinux_tag.sh || die + else + echo -e "#!/bin/sh\ntrue" > hack/selinux_tag.sh || die + fi + + export -n GOCACHE XDG_CACHE_HOME + GOBIN="${S}/bin" \ + emake all \ + GIT_BRANCH=master \ + GIT_BRANCH_CLEAN=master \ + COMMIT_NO="${EGIT_COMMIT}" \ + GIT_COMMIT="${EGIT_COMMIT}" +} + +src_install() { + emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" install + + insinto /etc/containers + newins test/registries.conf registries.conf.example + newins test/policy.json policy.json.example + + insinto /usr/share/containers + doins seccomp.json + + newinitd "${FILESDIR}"/podman.initd podman + + insinto /etc/logrotate.d + newins "${FILESDIR}/podman.logrotated" podman + + dobashcomp completions/bash/* + + keepdir /var/lib/containers +} + +pkg_preinst() { + LIBPOD_ROOTLESS_UPGRADE=false + if use rootless; then + has_version 'app-emulation/libpod[rootless]' || LIBPOD_ROOTLESS_UPGRADE=true + fi +} + +pkg_postinst() { + local want_newline=false + if [[ ! ( -e ${EROOT%/*}/etc/containers/policy.json && -e ${EROOT%/*}/etc/containers/registries.conf ) ]]; then + elog "You need to create the following config files:" + elog "/etc/containers/registries.conf" + elog "/etc/containers/policy.json" + elog "To copy over default examples, use:" + elog "cp /etc/containers/registries.conf{.example,}" + elog "cp /etc/containers/policy.json{.example,}" + want_newline=true + fi + if [[ ${LIBPOD_ROOTLESS_UPGRADE} == true ]] ; then + ${want_newline} && elog "" + elog "For rootless operation, you need to configure subuid/subgid" + elog "for user running podman. In case subuid/subgid has only been" + elog "configured for root, run:" + elog "usermod --add-subuids 1065536-1131071 <user>" + elog "usermod --add-subgids 1065536-1131071 <user>" + want_newline=true + fi +} diff --git a/app-emulation/libpod/libpod-1.6.3.ebuild b/app-emulation/libpod/libpod-1.6.3.ebuild deleted file mode 100644 index 029c6c1413fc..000000000000 --- a/app-emulation/libpod/libpod-1.6.3.ebuild +++ /dev/null @@ -1,133 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -EGIT_COMMIT="9d087f6a766259ba53b224944f1b7b778035c370" - -inherit bash-completion-r1 flag-o-matic go-module - -DESCRIPTION="Library and podman tool for running OCI-based containers in Pods" -HOMEPAGE="https://github.com/containers/libpod/" -SRC_URI="https://github.com/containers/libpod/archive/v${PV}.tar.gz -> ${P}.tar.gz" -LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0" -SLOT="0" - -KEYWORDS="~amd64" -IUSE="apparmor btrfs ostree +rootless selinux" -REQUIRED_USE="!ostree" -RESTRICT="test" - -COMMON_DEPEND=" - app-crypt/gpgme:= - >=app-emulation/conmon-2.0.0 - >=app-emulation/runc-1.0.0_rc6 - dev-libs/libassuan:= - dev-libs/libgpg-error:= - sys-fs/lvm2 - sys-libs/libseccomp:= - - apparmor? ( sys-libs/libapparmor ) - btrfs? ( sys-fs/btrfs-progs ) - rootless? ( app-emulation/slirp4netns ) - selinux? ( sys-libs/libselinux:= ) -" -DEPEND=" - ${COMMON_DEPEND} - dev-go/go-md2man" -RDEPEND="${COMMON_DEPEND}" - -src_prepare() { - default - - # Disable installation of python modules here, since those are - # installed by separate ebuilds. - sed -e '/^GIT_.*/d' \ - -e 's/$(GO) build/$(GO) build -v -work -x/' \ - -e 's/^\(install:.*\) install\.python$/\1/' \ - -i Makefile || die - - sed -e 's|OUTPUT="${CIRRUS_TAG:.*|OUTPUT='v${PV}'|' \ - -i hack/get_release_info.sh || die -} - -src_compile() { - # Filter unsupported linker flags - filter-flags '-Wl,*' - - [[ -f hack/apparmor_tag.sh ]] || die - if use apparmor; then - echo -e "#!/bin/sh\necho apparmor" > hack/apparmor_tag.sh || die - else - echo -e "#!/bin/sh\ntrue" > hack/apparmor_tag.sh || die - fi - - [[ -f hack/btrfs_installed_tag.sh ]] || die - if use btrfs; then - echo -e "#!/bin/sh\ntrue" > hack/btrfs_installed_tag.sh || die - else - echo -e "#!/bin/sh\necho exclude_graphdriver_btrfs" > \ - hack/btrfs_installed_tag.sh || die - fi - - [[ -f hack/selinux_tag.sh ]] || die - if use selinux; then - echo -e "#!/bin/sh\necho selinux" > hack/selinux_tag.sh || die - else - echo -e "#!/bin/sh\ntrue" > hack/selinux_tag.sh || die - fi - - export -n GOCACHE XDG_CACHE_HOME - GOBIN="${S}/bin" \ - emake all \ - GIT_BRANCH=master \ - GIT_BRANCH_CLEAN=master \ - COMMIT_NO="${EGIT_COMMIT}" \ - GIT_COMMIT="${EGIT_COMMIT}" -} - -src_install() { - emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" install - - insinto /etc/containers - newins test/registries.conf registries.conf.example - newins test/policy.json policy.json.example - - newinitd "${FILESDIR}"/podman.initd podman - - insinto /etc/logrotate.d - newins "${FILESDIR}/podman.logrotated" podman - - dobashcomp completions/bash/* - - keepdir /var/lib/containers -} - -pkg_preinst() { - LIBPOD_ROOTLESS_UPGRADE=false - if use rootless; then - has_version 'app-emulation/libpod[rootless]' || LIBPOD_ROOTLESS_UPGRADE=true - fi -} - -pkg_postinst() { - local want_newline=false - if [[ ! ( -e ${EROOT%/*}/etc/containers/policy.json && -e ${EROOT%/*}/etc/containers/registries.conf ) ]]; then - elog "You need to create the following config files:" - elog "/etc/containers/registries.conf" - elog "/etc/containers/policy.json" - elog "To copy over default examples, use:" - elog "cp /etc/containers/registries.conf{.example,}" - elog "cp /etc/containers/policy.json{.example,}" - want_newline=true - fi - if [[ ${LIBPOD_ROOTLESS_UPGRADE} == true ]] ; then - ${want_newline} && elog "" - elog "For rootless operation, you need to configure subuid/subgid" - elog "for user running podman. In case subuid/subgid has only been" - elog "configured for root, run:" - elog "usermod --add-subuids 1065536-1131071 <user>" - elog "usermod --add-subgids 1065536-1131071 <user>" - want_newline=true - fi -} -- cgit v1.2.3-65-gdbad