From 17a6ba59cd3e392adab54857cad57776666c617f Mon Sep 17 00:00:00 2001
From: Isaac Hermida
Date: Wed, 11 Mar 2026 13:00:47 +0100
Subject: [PATCH] meta-digi-containers: add trimmed container runtime recipes Add dedicated trimmed runtime wrappers for LXC and Podman in meta-digi-containers so dey-image-container-manager can install reduced container runtimes without affecting other DEY images. https://onedigi.atlassian.net/browse/DEL-9996
Signed-off-by: Isaac Hermida
---
.../recipes-containers/lxc/lxc-trimmed_git.bb | 72 +++++++++++++++++++
.../podman/podman-trimmed_git.bb | 46 ++++++++++++
2 files changed, 118 insertions(+)
create mode 100644 meta-digi-containers/recipes-containers/lxc/lxc-trimmed_git.bb
create mode 100644 meta-digi-containers/recipes-containers/podman/podman-trimmed_git.bb
diff --git a/meta-digi-containers/recipes-containers/lxc/lxc-trimmed_git.bb b/meta-digi-containers/recipes-containers/lxc/lxc-trimmed_git.bb
new file mode 100644
index 000000000..8843f5d7a
--- /dev/null
+++ b/meta-digi-containers/recipes-containers/lxc/lxc-trimmed_git.bb
@@ -0,0 +1,72 @@
+# Copyright (C) 2026, Digi International Inc.
+
+FILESEXTRAPATHS:prepend := "${COREBASE}/../meta-virtualization/recipes-containers/lxc/files:"
+
+require recipes-containers/lxc/lxc_git.bb
+
+DESCRIPTION = "Trimmed LXC runtime for dey-image-container-manager"
+
+FILES:${PN} += "${libdir}/lxc/rootfs"
+
+RDEPENDS:${PN}:remove = " \
+ rsync curl gzip xz tar \
+ bridge-utils dnsmasq \
+ gmp libidn gnutls nettle \
+ perl-module-strict perl-module-getopt-long perl-module-vars \
+ perl-module-exporter perl-module-constant perl-module-overload \
+ perl-module-exporter-heavy \
+"
+
+PACKAGECONFIG:remove = "templates systemd selinux"
+
+SYSTEMD_PACKAGES = ""
+SYSTEMD_SERVICE:${PN} = ""
+SYSTEMD_SERVICE:${PN}-networking = ""
+
+do_install:append() {
+ for bin in \
+ lxc-autostart \
+ lxc-cgroup \
+ lxc-checkconfig \
+ lxc-checkpoint \
+ lxc-config \
+ lxc-console \
+ lxc-copy \
+ lxc-create \
+ lxc-device \
+ lxc-execute \
+ lxc-freeze \
+ lxc-monitor \
+ lxc-snapshot \
+ lxc-top \
+ lxc-unfreeze \
+ lxc-unshare \
+ lxc-update-config \
+ lxc-usernsexec \
+ lxc-wait \
+ ; do
+ rm -f ${D}${bindir}/$bin
+ done
+
+ rm -f ${D}${datadir}/lxc/lxc-patch.py
+ rm -f ${D}${datadir}/lxc/lxc.functions
+ rm -f ${D}${libexecdir}/lxc/lxc-apparmor-load
+ rm -f ${D}${libexecdir}/lxc/lxc-containers
+ rm -f ${D}${libexecdir}/lxc/lxc-net
+ rm -f ${D}${libexecdir}/lxc/lxc-user-nic
+ rm -f ${D}${sbindir}/init.lxc
+ rm -f ${D}${sbindir}/init.lxc.static
+ rm -f ${D}${sysconfdir}/default/lxc
+ rm -f ${D}${sysconfdir}/default/volatiles/99_lxc
+ rm -f ${D}${sysconfdir}/init.d/lxc-containers
+ rm -f ${D}${sysconfdir}/lxc/default.conf
+
+ rm -rf ${D}${datadir}/bash-completion
+ rm -rf ${D}${datadir}/doc
+ rm -rf ${D}${datadir}/lxc/config
+ rm -rf ${D}${datadir}/lxc/hooks
+ rm -rf ${D}${libexecdir}/lxc/hooks
+ rm -rf ${D}${sysconfdir}/dnsmasq.d
+
+ rmdir ${D}${sbindir} 2>/dev/null || true
+}
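Review bot: `PACKAGECONFIG:remove = "templates systemd selinux"`, together with `rm -rf ${D}${datadir}/lxc/config` and the deletion of `lxc-apparmor-load`, leaves this runtime without LSM integration and without the shared config directory, and nothing in the recipe says where container confinement should come from instead. In upstream LXC that directory holds the common include files with the default capability drops and the seccomp profile, so (assuming lxc_git.bb installs them there) every container config on this image would have to set `lxc.cap.drop` and `lxc.seccomp.profile` itself. If SELinux was dropped only for size, consider `PACKAGECONFIG:remove = "templates systemd"` so the base recipe's default still decides; otherwise add a comment above that line such as `# selinux and the shared lxc config includes are dropped: each container config must set lxc.cap.drop and lxc.seccomp.profile explicitly`. Separately, every deletion in `do_install:append` uses `rm -f`, so a path that is renamed in lxc_git.bb would silently stay in the trimmed image.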
diff --git a/meta-digi-containers/recipes-containers/podman/podman-trimmed_git.bb b/meta-digi-containers/recipes-containers/podman/podman-trimmed_git.bb
new file mode 100644
index 000000000..7f613295d
--- /dev/null
+++ b/meta-digi-containers/recipes-containers/podman/podman-trimmed_git.bb
@@ -0,0 +1,46 @@
+# Copyright (C) 2026, Digi International Inc.
+
+FILESEXTRAPATHS:prepend := "${COREBASE}/../meta-virtualization/recipes-containers/podman/podman:"
+
+require recipes-containers/podman/podman_git.bb
+
+DESCRIPTION = "Trimmed Podman runtime for dey-image-container-manager"
+
+# No CNI implies no isolated or custom network support, no NAT and no forwarding.
+# Host networking still works, and Podman uses netavark/aardvark-dns in this setup.
+VIRTUAL-RUNTIME_container_networking = ""
+
+RDEPENDS:${PN}:append = " \
+ netavark \
+ aardvark-dns \
+"
+
+RDEPENDS:${PN}:remove = " \
+ iptables \
+ libdevmapper \
+"
+
+PACKAGECONFIG:remove = "rootless docker"
+
+do_install:append() {
+ rm -f ${D}${bindir}/docker
+ rm -f ${D}${bindir}/docker-runc
+ rm -f ${D}${bindir}/podman-remote
+ rm -f ${D}${bindir}/podmansh
+ rm -f ${D}${libexecdir}/podman/quadlet
+ rm -f ${D}${libexecdir}/podman/rootlessport
+ rm -f ${D}${sysconfdir}/profile.d/podman-docker.csh
+ rm -f ${D}${sysconfdir}/profile.d/podman-docker.sh
+ rm -rf ${D}${systemd_system_unitdir}
+ rm -rf ${D}${systemd_user_unitdir}
+ rm -rf ${D}${nonarch_libdir}
+ rm -rf ${D}${datadir}/user-tmpfiles.d
+}
+
+SYSTEMD_SERVICE:${PN} = ""
+
+FILES:${PN}:remove = " \
+ ${systemd_system_unitdir} \
+ ${systemd_user_unitdir} \
+ ${nonarch_libdir} \
+"
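Review bot: `PACKAGECONFIG:remove = "rootless docker"` plus the deletion of `rootlessport` appears to leave only rootful operation, and the comment above `VIRTUAL-RUNTIME_container_networking` says only host networking remains, so a container on this image would be started by host root and share the host network namespace; the recipe documents the networking loss but not the privilege one. I would add a comment above the PACKAGECONFIG line, e.g. `# rootless support dropped: containers run as host root on the host network; use trusted images and restrict them per container (--cap-drop, --user, --read-only)`. `iptables` is also removed from RDEPENDS while `netavark` is added; netavark normally needs a firewall backend for bridge networks, so it is worth confirming that a non-host network fails cleanly on this image rather than coming up without filtering. Finally, `rm -rf ${D}${nonarch_libdir}` removes the whole tree and would take unrelated files with it on targets where `${libdir}` resolves to the same path.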