sysext: Add podman sysext

Enabled user session dbus in base image to support podman rootless mode. Extension images can now be created from multiple packages by seperating them with a comma. The podman sysext includes app-containers/podman and net-misc/passt. It can be enabled by adding podman to /etc/flatcar/enabled-sysext.conf. Potential TODO: gpgme had to be added as BDEPEND to podman ebuild.
flatcar · May 3, 2024 · 8744fcf · 8744fcf
1 parent 71d25ee
commit 8744fcf
Show file tree

Hide file tree

Showing 14 changed files with 33 additions and 14 deletions.
diff --git a/build_library/sysext_mangle_flatcar-podman b/build_library/sysext_mangle_flatcar-podman
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -euo pipefail
+rootfs="${1}"
+
+pushd "${rootfs}"
+
+rm -rf ./usr/{lib/debug/,lib64/cmake/,lib64/pkgconfig,include/,share/fish,share/aclocal,share/SLSA}
+
+mkdir -p ./usr/share/podman/etc
+cp -a ./etc/{fuse.conf,containers} ./usr/share/podman/etc/
+
+cat <<EOF >>./usr/lib/tmpfiles.d/podman.conf
+C /etc/containers - - - - /usr/share/podman/etc/containers
+C /etc/fuse.conf - - - - /usr/share/podman/etc/fuse.conf
+w /etc/subuid - - - - core:1065536:65536
+w /etc/subgid - - - - core:1065536:65536
+EOF
+
+popd
diff --git a/changelog/changes/2024-05-03-podman.md b/changelog/changes/2024-05-03-podman.md
@@ -0,0 +1 @@
+- Provided a Podman Flatcar extension as optional systemd-sysext image with the release. Write 'podman' to `/etc/flatcar/enabled-sysext.conf` through Ignition and the sysext will be installed during provisioning ([scripts#1964](https://github.com/flatcar/scripts/pull/1964))
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.14.4-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.14.4-r2.ebuild
@@ -137,9 +137,7 @@ multilib_src_configure() {
 		--disable-kqueue
 		$(use_enable elogind)
 		$(use_enable systemd)
-		# Flatcar: disable user sessions
-		# $(use_enable systemd user-session)
-		--disable-user-session
+		$(use_enable systemd user-session)
 		--disable-embedded-tests
 		--disable-modular-tests
 		$(use_enable debug stats)

diff --git a/...ner/src/third_party/portage-stable/app-containers/aardvark-dns/aardvark-dns-1.10.0.ebuild b/...ner/src/third_party/portage-stable/app-containers/aardvark-dns/aardvark-dns-1.10.0.ebuild
@@ -15,7 +15,7 @@ if [[ ${PV} == 9999* ]]; then
 else
 	SRC_URI="${CARGO_CRATE_URIS}"
 	SRC_URI+="https://github.com/containers/aardvark-dns/releases/download/v${PV}/${PN}-v${PV}-vendor.tar.gz"
-	KEYWORDS="amd64 ~arm64 ~ppc64 ~riscv"
+	KEYWORDS="amd64 arm64 ~ppc64 ~riscv"
 fi
 
 # main

diff --git a/sdk_container/src/third_party/portage-stable/app-containers/conmon/conmon-2.1.10.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/conmon/conmon-2.1.10.ebuild
@@ -13,7 +13,7 @@ if [[ ${PV} == 9999* ]]; then
 	EGIT_REPO_URI="https://github.com/containers/conmon.git"
 else
 	SRC_URI="https://github.com/containers/conmon/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-	KEYWORDS="amd64 ~arm64 ~ppc64 ~riscv"
+	KEYWORDS="amd64 arm64 ~ppc64 ~riscv"
 fi
 
 LICENSE="Apache-2.0"

diff --git a/..._party/portage-stable/app-containers/containers-common/containers-common-0.58.0-r1.ebuild b/..._party/portage-stable/app-containers/containers-common/containers-common-0.58.0-r1.ebuild
@@ -14,7 +14,7 @@ if [[ ${PV} == 9999* ]]; then
 else
 	SRC_URI="https://github.com/containers/common/archive/v${PV}.tar.gz -> ${P}.tar.gz"
 	S="${WORKDIR}/${P#containers-}"
-	KEYWORDS="amd64 ~arm64 ~riscv"
+	KEYWORDS="amd64 arm64 ~riscv"
 fi
 
 LICENSE="Apache-2.0"

diff --git a/...third_party/portage-stable/app-containers/containers-image/containers-image-5.30.0.ebuild b/...third_party/portage-stable/app-containers/containers-image/containers-image-5.30.0.ebuild
@@ -12,7 +12,7 @@ if [[ ${PV} == 9999* ]]; then
 else
 	SRC_URI="https://github.com/containers/image/archive/v${PV}.tar.gz -> ${P}.tar.gz"
 	S="${WORKDIR}/${P#containers-}"
-	KEYWORDS="amd64 ~arm64 ~riscv"
+	KEYWORDS="amd64 arm64 ~riscv"
 fi
 
 LICENSE="Apache-2.0"

diff --git a/...d_party/portage-stable/app-containers/containers-storage/containers-storage-1.53.0.ebuild b/...d_party/portage-stable/app-containers/containers-storage/containers-storage-1.53.0.ebuild
@@ -12,7 +12,7 @@ if [[ ${PV} == 9999* ]]; then
 else
 	SRC_URI="https://github.com/containers/storage/archive/v${PV}.tar.gz -> ${P}.tar.gz"
 	S="${WORKDIR}/${P#containers-}"
-	KEYWORDS="amd64 ~arm64 ~riscv"
+	KEYWORDS="amd64 arm64 ~riscv"
 fi
 
 LICENSE="Apache-2.0"

diff --git a/sdk_container/src/third_party/portage-stable/app-containers/crun/crun-1.14.3.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/crun/crun-1.14.3.ebuild
@@ -15,7 +15,7 @@ if [[ "$PV" == *9999* ]]; then
 	EGIT_REPO_URI="https://github.com/containers/${PN}.git"
 else
 	SRC_URI="https://github.com/containers/${PN}/releases/download/${PV}/${P}.tar.xz"
-	KEYWORDS="amd64 ~arm ~arm64 ~ppc64 ~riscv"
+	KEYWORDS="amd64 ~arm arm64 ~ppc64 ~riscv"
 fi
 
 LICENSE="GPL-2+ LGPL-2.1+"

diff --git a/sdk_container/src/third_party/portage-stable/app-containers/netavark/netavark-1.10.3.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/netavark/netavark-1.10.3.ebuild
@@ -15,7 +15,7 @@ if [[ ${PV} == 9999* ]]; then
 	EGIT_REPO_URI="https://github.com/containers/netavark.git"
 else
 	SRC_URI="${CARGO_CRATE_URIS} https://github.com/containers/netavark/releases/download/v${PV}/${PN}-v${PV}-vendor.tar.gz"
-	KEYWORDS="amd64 ~arm64 ~ppc64 ~riscv"
+	KEYWORDS="amd64 arm64 ~ppc64 ~riscv"
 fi
 
 # main

diff --git a/sdk_container/src/third_party/portage-stable/app-containers/podman/podman-5.0.2.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/podman/podman-5.0.2.ebuild
@@ -17,7 +17,7 @@ else
 	SRC_URI="https://github.com/containers/podman/archive/v${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz"
 	S="${WORKDIR}/${P/_rc/-rc}"
 	[[ ${PV} != *rc* ]] && \
-		KEYWORDS="amd64 ~arm64 ~riscv"
+		KEYWORDS="amd64 arm64 ~riscv"
 fi
 
 # main pkg

diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/yajl/yajl-2.1.0-r5.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/yajl/yajl-2.1.0-r5.ebuild
@@ -11,7 +11,7 @@ SRC_URI="https://github.com/lloyd/yajl/archive/refs/tags/${PV}.tar.gz -> ${P}-r5
 
 LICENSE="ISC"
 SLOT="0/2"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 
 PATCHES=(

diff --git a/sdk_container/src/third_party/portage-stable/net-misc/passt/passt-2024.03.26.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/passt/passt-2024.03.26.ebuild
@@ -16,7 +16,7 @@ if [[ ${PV} == 9999* ]]; then
 else
 	SRC_URI="https://passt.top/passt/snapshot/passt-${RELEASE_COMMIT}.tar.xz -> ${P}.tar.xz"
 	S="${WORKDIR}/${PN}-${RELEASE_COMMIT}"
-	KEYWORDS="amd64 ~arm64 ~riscv"
+	KEYWORDS="amd64 arm64 ~riscv"
 fi
 
 LICENSE="BSD GPL-2+"

diff --git a/...container/src/third_party/portage-stable/sys-fs/fuse-overlayfs/fuse-overlayfs-1.13.ebuild b/...container/src/third_party/portage-stable/sys-fs/fuse-overlayfs/fuse-overlayfs-1.13.ebuild
@@ -11,7 +11,7 @@ SRC_URI="https://github.com/containers/fuse-overlayfs/archive/v${PV}.tar.gz -> $
 
 LICENSE="GPL-3"
 SLOT="0"
-KEYWORDS="amd64 ~arm64 ~ppc64 ~riscv"
+KEYWORDS="amd64 arm64 ~ppc64 ~riscv"
 
 DEPEND="sys-fs/fuse:3"
 RDEPEND="${DEPEND}"