ap/podman added, version 1.9.3.

Podman container engine and tool added.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>

BUILD_ORDER

@@ -75,3 +75,4 @@
 	ap	crun				# podman
 	n	cni-plugins			# podman
 	ap	fuse-overlayfs			# podman
+	ap	podman

ap/podman/OPENWRT-in-podman.txt

@@ -0,0 +1,13 @@
+---------------------------------------
+How to run OpenWrt in podman containers
+---------------------------------------
+
+Running OpenWrt versions for containers, such as docker.io/openwrtorg/rootfs,
+with defaults podman parameters may result in errors. To avoid that, following
+command line options should be supplied to 'podman run':
+--dns=none --no-hosts=true --systemd=false
+
+Example:
+
+# podman run --dns=none --no-hosts=true --systemd=false -it docker.io/openwrtorg/rootfs
+

ap/podman/doinst.sh

@@ -0,0 +1,19 @@
+config() {
+  NEW="$1"
+  OLD="$(dirname $NEW)/$(basename $NEW .new)"
+  # If there's no config file by that name, mv it over:
+  if [ ! -r $OLD ]; then
+    mv $NEW $OLD
+  elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+    # toss the redundant copy
+    rm $NEW
+  fi
+  # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+config etc/containers/libpod.conf.new
+config etc/containers/registries.conf.new
+config etc/containers/mounts.conf.new
+config etc/containers/seccomp.json.new
+config etc/containers/policy.json.new
+config etc/containers/storage.conf.new

ap/podman/get_sources.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+SRC=libpod
+VERSION=1.9.3
+git clone -b master https://github.com/containers/${SRC}.git $SRC && \
+  ( cd $SRC && git co v${VERSION} )
+mv $SRC ${SRC}-${VERSION}
+tar cf - ${SRC}-${VERSION} | xz -c9 > ${SRC}-${VERSION}.tar.xz
+[ -s ${SRC}-${VERSION}.tar.xz ] && rm -rf ${SRC}-${VERSION}

ap/podman/mounts.conf

@@ -0,0 +1 @@
+/etc/containers/secrets:/run/secrets

ap/podman/podman.SlackBuild

@@ -0,0 +1,150 @@
+#!/bin/sh
+# Set initial variables:
+CWD=$(pwd)
+
+APP=podman
+SRC=libpod
+VERSION=$(ls $SRC-*.tar.?z* | sed -e 's/\.tar\..z.*//' | rev | cut -d- -f1 | rev)
+ARCH=${ARCH:-x86_64}
+BUILD=${BUILD:-1}
+TAG=${TAG:-micu}
+
+# The domain part of the go package name, usually the hosting platform
+DOMAIN=github.com
+# The name of the organization/owner of the package
+ORG=containers
+# The name of the repository
+REPONAME=$SRC
+
+LIBSUFFIX=""
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "x86_64" ]; then
+  LIBSUFFIX=${LIBSUFFIX:-64}
+fi
+
+if [ "$TMP" = "" ]; then
+  TMP=/tmp
+fi
+PKG=$TMP/package-$APP
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP || exit 1
+rm -rf $APP-$VERSION
+mkdir -p $APP-$VERSION/src/$DOMAIN/$ORG
+cd $APP-$VERSION/src/$DOMAIN/$ORG || exit 1
+tar xvf $CWD/$SRC-$VERSION.tar.?z* || exit 1
+mv $SRC-$VERSION $REPONAME
+cd $REPONAME || exit 1
+chown -R root.root .
+find . -perm 444 -exec chmod 644 {} \;
+find . -perm 777 -exec chmod 755 {} \;
+find . -perm 666 -exec chmod 644 {} \;
+
+# For recent build, we need go version at least 1.13.xx;
+# gccgo is now 1.12.2, so let's spend some time and build a dedicated version
+# (or use the one already built there):
+GODEVDIR=$TMP/go-devel
+GODEVVER=1.13.11
+if [ ! -x $GODEVDIR/go/bin/go ]; then
+  echo "Development go not found at $GODEVDIR, building it."
+  mkdir -p $GODEVDIR
+  cd $GODEVDIR || exit 1
+  git clone https://go.googlesource.com/go
+  export GOPATH=$GODEVDIR/go
+  cd $GOPATH
+  git co go$GODEVVER
+  cd src || exit 1
+  ./all.bash || exit 1
+  cd $TMP/$APP-$VERSION/src/$DOMAIN/$ORG/$REPONAME || exit 1
+else
+  echo "Development go found at $GODEVDIR, using it."
+fi
+export PATH=$GODEVDIR/go/bin:$PATH
+
+# Point go to the location of the source tree
+export GOPATH="$TMP/$APP-$VERSION"
+
+make binaries PREFIX="/usr/" MANDIR="/usr/man/" || exit 1
+make install install.completions DESTDIR="$PKG" PREFIX="/usr/" MANDIR="/usr/man/" || exit 1
+
+rm -rf $PKG/usr/lib/systemd $PKG/usr/lib/tmpfiles.d
+rmdir $PKG/usr/lib
+
+mkdir -p $PKG/etc/containers/secrets
+
+# use upstream's default seccomp policy
+cp seccomp.json $PKG/etc/containers/seccomp.json.new
+# use upstream config, but default to cgroupfs and crun
+sed -e 's/^cgroup_manager = "systemd"/cgroup_manager = "cgroupfs"/g' \
+  -e 's/^runtime = "runc"/runtime = "crun"/g' \
+  -e 's/^# events_logger = "journald"/events_logger = "file"/g' \
+  libpod.conf > $PKG/etc/containers/libpod.conf.new
+# use upstream storage config, but default to overlayfs
+sed -e 's/^driver = ""/driver = "overlay"/' \
+  -e 's/^#mount_program = /mount_program = /' \
+  vendor/github.com/containers/storage/storage.conf > $PKG/etc/containers/storage.conf.new
+
+cp $CWD/registries.conf $PKG/etc/containers/registries.conf.new
+cp $CWD/mounts.conf $PKG/etc/containers/mounts.conf.new
+cp $CWD/policy.json $PKG/etc/containers/policy.json.new
+
+# Make docker link:
+( cd $PKG/usr/bin && ln -s podman docker )
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBSUFFIX}/*.la
+
+chown -R root.bin $PKG/usr/bin $PKG/usr/sbin
+
+( cd $PKG
+  find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+  find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+  find . | xargs file | grep "current ar archive" | grep ELF | cut -f 1 -d : | xargs strip -g 2> /dev/null
+)
+
+# Compress and if needed symlink the man pages:
+if [ -d $PKG/usr/info ]; then
+  rm -f $PKG/usr/info/dir
+  gzip -9 $PKG/usr/info/*
+fi
+if [ -d $PKG/usr/man ]; then
+  ( cd $PKG/usr/man
+    for manpagedir in $(find . -type d -name "man*") ; do
+      ( cd $manpagedir
+        for eachpage in $( find . -type l -maxdepth 1) ; do
+          ln -s $( readlink $eachpage ).gz $eachpage.gz
+          rm $eachpage
+        done
+        gzip -9 *.?
+      )
+    done
+  )
+fi
+
+mkdir -p $PKG/usr/doc/$APP-$VERSION
+cp -a LICENSE OWNERS changelog.txt *.md $CWD/OPENWRT-in-podman.txt \
+  $PKG/usr/doc/$APP-$VERSION
+
+mkdir -p $PKG/install
+[ -f $CWD/doinst.sh ] && cat $CWD/doinst.sh > $PKG/install/doinst.sh
+[ -f $CWD/doinst.sh.gz ] && zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+# Allow to run as non-root until now:
+if [ $(id -u) -ne 0 ]; then
+  echo "*** Running as non-root, skipping makepkg."
+  echo "*** Package contents is in $PKG directory."
+  exit 0
+fi
+
+cd $PKG
+makepkg -l y -c n $TMP/$APP-$VERSION-$ARCH-${BUILD}${TAG}.txz
+
+# Clean up the extra stuff:
+if [ "$1" = "--cleanup" ]; then
+  rm -rf $TMP/$APP-$VERSION
+  rm -rf $PKG
+  rm -rf $GODEVDIR
+fi
+

ap/podman/policy.json

@@ -0,0 +1,14 @@
+{
+    "default": [
+        {
+            "type": "insecureAcceptAnything"
+        }
+    ],
+    "transports":
+        {
+            "docker-daemon":
+                {
+                    "": [{"type":"insecureAcceptAnything"}]
+                }
+        }
+}

ap/podman/registries.conf

@@ -0,0 +1,82 @@
+# For more information on this configuration file, see containers-registries.conf(5).
+#
+# There are multiple versions of the configuration syntax available, where the
+# second iteration is backwards compatible to the first one. Mixing up both
+# formats will result in an runtime error.
+#
+# The initial configuration format looks like this:
+#
+# Registries to search for images that are not fully-qualified.
+# i.e. foobar.com/my_image:latest vs my_image:latest
+[registries.search]
+registries = ['docker.io', 'quay.io', 'registry.fedoraproject.org', 'registry.access.redhat.com', 'registry.centos.org']
+
+# Registries that do not use TLS when pulling images or uses self-signed
+# certificates.
+[registries.insecure]
+registries = []
+
+# Blocked Registries, blocks the `docker daemon` from pulling from the blocked registry.  If you specify
+# "*", then the docker daemon will only be allowed to pull from registries listed above in the search
+# registries.  Blocked Registries is deprecated because other container runtimes and tools will not use it.
+# It is recommended that you use the trust policy file /etc/containers/policy.json to control which
+# registries you want to allow users to pull and push from.  policy.json gives greater flexibility, and
+# supports all container runtimes and tools including the docker daemon, cri-o, buildah ...
+# The atomic CLI `atomic trust` can be used to easily configure the policy.json file.
+[registries.block]
+registries = []
+
+# The second version of the configuration format allows to specify registry
+# mirrors:
+#
+# # An array of host[:port] registries to try when pulling an unqualified image, in order.
+# unqualified-search-registries = ["example.com"]
+#
+# [[registry]]
+# # The "prefix" field is used to choose the relevant [[registry]] TOML table;
+# # (only) the TOML table with the longest match for the input image name
+# # (taking into account namespace/repo/tag/digest separators) is used.
+# #
+# # If the prefix field is missing, it defaults to be the same as the "location" field.
+# prefix = "example.com/foo"
+#
+# # If true, unencrypted HTTP as well as TLS connections with untrusted
+# # certificates are allowed.
+# insecure = false
+#
+# # If true, pulling images with matching names is forbidden.
+# blocked = false
+#
+# # The physical location of the "prefix"-rooted namespace.
+# #
+# # By default, this equal to "prefix" (in which case "prefix" can be omitted
+# # and the [[registry]] TOML table can only specify "location").
+# #
+# # Example: Given
+# #   prefix = "example.com/foo"
+# #   location = "internal-registry-for-example.net/bar"
+# # requests for the image example.com/foo/myimage:latest will actually work with the
+# # internal-registry-for-example.net/bar/myimage:latest image.
+# location = internal-registry-for-example.com/bar"
+#
+# # (Possibly-partial) mirrors for the "prefix"-rooted namespace.
+# #
+# # The mirrors are attempted in the specified order; the first one that can be
+# # contacted and contains the image will be used (and if none of the mirrors contains the image,
+# # the primary location specified by the "registry.location" field, or using the unmodified
+# # user-specified reference, is tried last).
+# #
+# # Each TOML table in the "mirror" array can contain the following fields, with the same semantics
+# # as if specified in the [[registry]] TOML table directly:
+# # - location
+# # - insecure
+# [[registry.mirror]]
+# location = "example-mirror-0.local/mirror-for-foo"
+# [[registry.mirror]]
+# location = "example-mirror-1.local/mirrors/foo"
+# insecure = true
+# # Given the above, a pull of example.com/foo/image:latest will try:
+# # 1. example-mirror-0.local/mirror-for-foo/image:latest
+# # 2. example-mirror-1.local/mirrors/foo/image:latest
+# # 3. internal-registry-for-example.net/bar/myimage:latest
+# # in order, and use the first one that exists.

ap/podman/slack-desc

@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct.  It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+      |-----handy-ruler------------------------------------------------------|
+podman: podman (utility to run OCI-based containers)
+podman:
+podman: libpod provides a library for applications looking to use the
+podman: Container Pod concept popularized by Kubernetes. libpod also contains
+podman: a tool called podman for managing Pods, Containers, and Container
+podman: Images.
+podman:
+podman: Site: https://github.com/containers/libpod
+podman:
+podman:
+podman: