From abce42385154c824d850225f466e54f1136a657a Mon Sep 17 00:00:00 2001
From: Oskari Rauta
Date: Tue, 30 Mar 2021 14:55:57 +0300
Subject: podman: Add selinux variant and several improvements
* add -selinux variant which depends on libselinux
* init script for background service
* updated configurations
* maintainer change as requested
Signed-off-by: Oskari Rauta
---
 utils/podman/Makefile | 49 +++++++++++++++++++++++++++++++++-----
 utils/podman/files/containers.conf | 10 ++++----
 utils/podman/files/podman.init | 14 +++++++++++
 3 files changed, 62 insertions(+), 11 deletions(-)
 create mode 100755 utils/podman/files/podman.init
(limited to 'utils/podman')
diff --git a/utils/podman/Makefile b/utils/podman/Makefile
index c567d62b3..5c9744a44 100644
--- a/utils/podman/Makefile
+++ b/utils/podman/Makefile
@@ -10,7 +10,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Daniel Golle
+PKG_MAINTAINER:=Oskari Rauta
 PKG_BUILD_DEPENDS:=golang/host protobuf/host
 PKG_BUILD_PARALLEL:=1
@@ -19,8 +19,6 @@ PKG_USE_MIPS16:=0
 GO_PKG:=github.com/containers/podman/
 GO_PKG_BUILD_PKG:=github.com/containers/podman/v2/cmd/podman/
-GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper
-
 include $(INCLUDE_DIR)/package.mk
 include ../../lang/golang/golang-package.mk
@@ -38,22 +36,54 @@ define Download/default-policy
 HASH:=cddfaa8e6a7e5497b67cc0dd8e8517058d0c97de91bf46fff867528415f2d946
 endef
-define Package/podman
+define Package/podman/Default
 SECTION:=utils
 CATEGORY:=Utilities
 TITLE:=Podman
+ DEPENDS:=$(GO_ARCH_DEPENDS) +conmon +cni +cni-plugins +btrfs-progs +glib2 +gnupg2 +iptables +libgpg-error +libseccomp +libgpgme +nsenter +zoneinfo-simple +kmod-veth
 URL:=https://podman.io
- DEPENDS:=$(GO_ARCH_DEPENDS) +conmon +cni +cni-plugins +btrfs-progs +glib2 +gnupg2 +iptables +libgpg-error +libseccomp +libgpgme +nsenter +zoneinfo-simple
+endef
+
+define Package/podman
+ $(call Package/podman/Default)
+ CONFLICTS:=podman-selinux
+ VARIANT:=default
+ PROVIDES:=podman
+endef
+
+define Package/podman-selinux
+ $(call Package/podman/Default)
+ TITLE+= with SELinux support
+ DEPENDS+= libselinux
+ VARIANT:=selinux
+ PROVIDES:=podman
 endef
 define Package/podman/description
 Podman: A tool for managing OCI containers and pods
 endef
+define Package/podman-selinux/description
+ Podman: A tool for managing OCI containers and pods
+ SELinux enabled.
+endef
+
 define Package/podman/conffiles
-/etc/containers
+ /etc/containers/policy.json
+ /etc/containers/storage.conf
+ /etc/containers/registries.conf
+ /etc/containers/containers.conf
+ /etc/cni/net.d/87-podman-bridge.conflist
 endef
+Package/podman-selinux/conffiles = $(Package/podman/conffiles)
+
+ifeq ($(BUILD_VARIANT),selinux)
+ GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper,selinux
+else
+ GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper
+endif
+
 define Build/Prepare
 $(call Build/Prepare/Default)
 $(eval $(call Download,default-registries))
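Review bot: The new `Package/podman/conffiles` list replaces the `/etc/containers` directory entry with five individual files, so anything else an administrator keeps under that directory is no longer treated as configuration to preserve across upgrades. That can include trust-relevant material such as registry CA certificates under `/etc/containers/certs.d/` or signature lookaside settings under `/etc/containers/registries.d/`, assuming those standard containers paths are in use on the target. Consider keeping directory entries next to the file list, e.g. `/etc/containers/certs.d/` and `/etc/containers/registries.d/`, or add a comment above the list such as `# only package-shipped files are preserved; local additions under /etc/containers are not`. The same list is reused for podman-selinux through `Package/podman-selinux/conffiles`, so the change applies to both variants.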
@@ -69,7 +99,14 @@ define Package/podman/install
 $(INSTALL_CONF) ./files/containers.conf $(1)/etc/containers/containers.conf
 $(INSTALL_DIR) $(1)/etc/cni/net.d
 $(INSTALL_CONF) $(PKG_BUILD_DIR)/cni/87-podman-bridge.conflist $(1)/etc/cni/net.d/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/podman.init $(1)/etc/init.d/podman
+ $(SED) 's/driver = \"\"/driver = \"overlay\"/g' $(1)/etc/containers/storage.conf
 endef
+Package/podman-selinux/install = $(Package/podman/install)
+
 $(eval $(call GoBinPackage,podman))
 $(eval $(call BuildPackage,podman))
+$(eval $(call GoBinPackage,podman-selinux))
+$(eval $(call BuildPackage,podman-selinux))
diff --git a/utils/podman/files/containers.conf b/utils/podman/files/containers.conf
index c06e4b624..3cb5e87a2 100644
--- a/utils/podman/files/containers.conf
+++ b/utils/podman/files/containers.conf
@@ -7,19 +7,19 @@ network_config_dir="/etc/cni/net.d/"
 default_network="podman"
 [engine]
-runtime="/usr/sbin/crun"
+runtime="/usr/bin/crun"
 # runtime="/usr/sbin/runc"
 # runtime="/sbin/uxc"
 # runtime_supports_nocgroups = ["crun", "uxc"]
 # runtime_supports_json = ["crun", "runc", "kata", "uxc"]
 [engine.runtimes]
-runc = [
- "/usr/sbin/runc",
+crun = [
+ "/usr/bin/crun",
 ]
-crun = [
- "/usr/bin/crun",
+runc = [
+ "/usr/sbin/runc",
 ]
 uxc = [
diff --git a/utils/podman/files/podman.init b/utils/podman/files/podman.init
new file mode 100755
index 000000000..1df70407f
--- /dev/null
+++ b/utils/podman/files/podman.init
@@ -0,0 +1,14 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+USE_PROCD=1
+NAME=podman
+PROG=/usr/bin/podman
+
+start_service() {
+ [ -d /run/podman ] || mkdir -p /run/podman
+ procd_open_instance "podman"
+ procd_set_param command "$PROG" system service --time=0
+ procd_append_param command $command
+ procd_close_instance
+}
--
cgit v1.2.3
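Review bot: In `Package/podman/install`, installing `./files/podman.init` as `/etc/init.d/podman` gives both variants a boot-time service, and OpenWrt's default post-install handling normally enables and starts init scripts shipped in a package. The script runs `podman system service --time=0`, a long-lived API endpoint with no idle timeout, so users who only want the CLI get it without opting in. I would at least add a comment above the two new install lines, `# ships the API service init script; it is enabled by default on install`, and consider leaving the service disabled until the administrator turns it on. Separately, the `$(SED)` edit of storage.conf does nothing, without any error, if the file no longer contains `driver = ""`; following it with `grep -q 'driver = "overlay"' $(1)/etc/containers/storage.conf` would fail the build instead of shipping an unset driver. The beginning of the `define` lies outside this hunk.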
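Review bot: In the new `podman.init`, `procd_append_param command $command` expands a variable that the script never sets. It therefore appends nothing unless `command` happens to be defined by the sourcing environment, and in that case its unquoted value is word-split into the service's argument list. Drop the line, or define the intended extra arguments explicitly in the script and quote them. `NAME` is also assigned but not used in the visible script. A header comment along the lines of `# Starts the Podman API service (no idle timeout); no user is set, so it presumably runs as root` would help anyone auditing what starts at boot.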