podman: update to 4.5.0

 - added btrfs-tools as a build depency
 - switch from cni networking to recommended new standard, netavark.
 - drop iptables config option (netavark handles that now)
 - patch refreshed

List of changes: https://github.com/containers/podman/releases

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>

diff --git a/utils/podman/Makefile b/utils/podman/Makefile
index 441082cb0f71afc72c9c3828afb0b6f2250a15bc..961ffad0764bc9f3a043be0d572af3d04e60582a 100644 (file)
--- a/utils/podman/Makefile
+++ b/utils/podman/Makefile
@@ -1,18 +1,18 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=podman
-PKG_VERSION:=4.4.2
+PKG_VERSION:=4.5.0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/containers/podman/archive/v$(PKG_VERSION)
-PKG_HASH:=59cec158438efa8a3e651b19e150d9afd90f7e3f07c30605a997e18b8c54b67c
+PKG_HASH:=830a633630bf6e61f2b8d4ca00efdd9a173ef25cdd49d4a4364c293e088561df
 
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
 PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
 
-PKG_BUILD_DEPENDS:=golang/host protobuf/host
+PKG_BUILD_DEPENDS:=golang/host protobuf/host btrfs-progs
 PKG_BUILD_PARALLEL:=1
 PKG_BUILD_FLAGS:=no-mips16
 PKG_INSTALL:=1
@@ -39,7 +39,7 @@ define Package/podman
   CATEGORY:=Utilities
   TITLE:=Podman
   URL:=https://podman.io
-  DEPENDS:=$(GO_ARCH_DEPENDS) +conmon +cni +cni-plugins +btrfs-progs +glib2 +gnupg2 +uci-firewall +libgpg-error +libseccomp +libgpgme +nsenter +zoneinfo-simple +kmod-veth +PODMAN_SELINUX_SUPPORT:libselinux
+  DEPENDS:=$(GO_ARCH_DEPENDS) +conmon +libgpgme +libseccomp +nsenter +zoneinfo-simple +kmod-veth +slirp4netns +netavark +aardvark-dns +PODMAN_SELINUX_SUPPORT:libselinux
 endef
 
 define Package/podman/description
@@ -53,10 +53,6 @@ define Package/podman/config
     bool "Enable SELinux support"
     default n
 
-    config PODMAN_IPTABLES_FW
-    bool "Add iptabels firewall options to default podman network"
-    default n
-
   endmenu
 endef
 
@@ -65,7 +61,7 @@ define Package/podman/conffiles
 /etc/containers/storage.conf
 /etc/containers/registries.conf
 /etc/containers/containers.conf
-/etc/cni/net.d/87-podman-bridge.conflist
+/etc/containers/networks/podman.json
 endef
 
 ifdef CONFIG_PODMAN_SELINUX_SUPPORT
@@ -74,12 +70,6 @@ else
   GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper,apparmor
 endif
 
-ifdef CONFIG_PODMAN_IPTABLES_FW
-  CNIFILE:=87-podman-bridge-iptables.conflist
-else
-  CNIFILE:=87-podman-bridge.conflist
-endif
-
 MAKE_VARS += \
        GO_INSTALL_BIN_PATH="$(strip $(GO_PKG_INSTALL_BIN_PATH))" \
        BUILD_DIR="$(PKG_BUILD_DIR)" \
@@ -126,8 +116,8 @@ define Package/podman/install
        $(INSTALL_DATA) $(DL_DIR)/registries.fedora-da9a9c8778 $(1)/etc/containers/registries.conf
        $(INSTALL_DATA) $(PKG_BUILD_DIR)/vendor/github.com/containers/storage/storage.conf $(1)/etc/containers/storage.conf
        $(INSTALL_DATA) ./files/containers.conf $(1)/etc/containers/containers.conf
-       $(INSTALL_DIR) $(1)/etc/cni/net.d
-       $(INSTALL_CONF) ./files/$(CNIFILE) $(1)/etc/cni/net.d/87-podman-bridge.conflist
+       $(INSTALL_DIR) $(1)/etc/containers/networks
+       $(INSTALL_CONF) ./files/podman.json $(1)/etc/containers/networks
        $(INSTALL_DIR) $(1)/usr/share/containers
        $(INSTALL_DATA) $(PKG_BUILD_DIR)/vendor/github.com/containers/common/pkg/seccomp/seccomp.json $(1)/usr/share/containers/
        $(INSTALL_DIR) $(1)/etc/init.d

diff --git a/utils/podman/files/87-podman-bridge-iptables.conflist b/utils/podman/files/87-podman-bridge-iptables.conflist
deleted file mode 100644 (file)
index ef760a6..0000000
--- a/utils/podman/files/87-podman-bridge-iptables.conflist
+++ /dev/null
@@ -1,37 +0,0 @@
-{
-  "cniVersion": "0.4.0",
-  "name": "podman",
-  "plugins": [
-    {
-      "type": "bridge",
-      "bridge": "cni-podman0",
-      "isGateway": true,
-      "ipMasq": true,
-      "hairpinMode": true,
-      "ipam": {
-        "type": "host-local",
-        "routes": [{ "dst": "0.0.0.0/0" }],
-        "ranges": [
-          [
-            {
-              "subnet": "10.88.0.0/16",
-              "gateway": "10.88.0.1"
-            }
-          ]
-        ]
-      }
-    },
-    {
-      "type": "portmap",
-      "capabilities": {
-        "portMappings": true
-      }
-    },
-    {
-      "type": "firewall"
-    },
-    {
-      "type": "tuning"
-    }
-  ]
-}

diff --git a/utils/podman/files/87-podman-bridge.conflist b/utils/podman/files/87-podman-bridge.conflist
deleted file mode 100644 (file)
index 4665abd..0000000
--- a/utils/podman/files/87-podman-bridge.conflist
+++ /dev/null
@@ -1,28 +0,0 @@
-{
-  "cniVersion": "0.4.0",
-  "name": "podman",
-  "plugins": [
-    {
-      "type": "bridge",
-      "bridge": "cni-podman0",
-      "isGateway": true,
-      "ipMasq": true,
-      "hairpinMode": true,
-      "ipam": {
-        "type": "host-local",
-        "routes": [{ "dst": "0.0.0.0/0" }],
-        "ranges": [
-          [
-            {
-              "subnet": "10.88.0.0/16",
-              "gateway": "10.88.0.1"
-            }
-          ]
-        ]
-      }
-    },
-    {
-      "type": "tuning"
-    }
-  ]
-}

diff --git a/utils/podman/files/containers.conf b/utils/podman/files/containers.conf
index 3dbaab15fa707b0a5ca54b712b4961d63830aad5..13d3fb2955ca77e3091724211eb2ae4b1326b5ca 100644 (file)
--- a/utils/podman/files/containers.conf
+++ b/utils/podman/files/containers.conf
@@ -30,10 +30,8 @@ default_sysctls = [
 ]
 
 [network]
-cni_plugin_dirs = [
-  "/usr/lib/cni"
-]
-network_config_dir = "/etc/cni/net.d/"
+network_backend = "netavark"
+network_config_dir = "/etc/containers/networks/"
 default_network = "podman"
 
 [engine]

diff --git a/utils/podman/files/podman.json b/utils/podman/files/podman.json
new file mode 100644 (file)
index 0000000..35e7055
--- /dev/null
+++ b/utils/podman/files/podman.json
@@ -0,0 +1,19 @@
+{
+     "name": "podman",
+     "id": "5ef894788befd4d42498314b6e66282ca730aa2e1e82f9b9597bf4d1725ca074",
+     "driver": "bridge",
+     "network_interface": "podman0",
+     "created": "2023-02-20T08:56:34.652030952Z",
+     "subnets": [
+          {
+               "subnet": "10.88.0.0/16",
+               "gateway": "10.88.0.1"
+          }
+     ],
+     "ipv6_enabled": false,
+     "internal": false,
+     "dns_enabled": true,
+     "ipam_options": {
+          "driver": "host-local"
+     }
+}

diff --git a/utils/podman/patches/010-do-not-build-docs.patch b/utils/podman/patches/010-do-not-build-docs.patch
index 6f77e1b87488d5f68171afb096df7aaef11cf990..e678100528ff8a7a6c1c846a287fa9d6171e7ffc 100644 (file)
--- a/utils/podman/patches/010-do-not-build-docs.patch
+++ b/utils/podman/patches/010-do-not-build-docs.patch
@@ -1,6 +1,6 @@
 --- a/Makefile
 +++ b/Makefile
-@@ -206,7 +206,7 @@ GV_SHA=aab0ac9367fc5142f5857c36ac2352bcb
+@@ -209,7 +209,7 @@ GV_SHA=aab0ac9367fc5142f5857c36ac2352bcb
  default: all
  
  .PHONY: all
@@ -9,7 +9,7 @@
  
  .PHONY: binaries
  ifeq ($(shell uname -s),FreeBSD)
-@@ -797,7 +797,7 @@ package-install: package  ## Install rpm
+@@ -790,7 +790,7 @@ package-install: package  ## Install rpm
        /usr/bin/podman info  # will catch a broken conmon
  
  .PHONY: install