From 407c665d51b047fb18125b9c3ab3174248a856e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kai=20L=C3=BCke?= Date: Wed, 21 Apr 2021 18:03:11 +0200 Subject: [PATCH] Drop app-emulation/rkt and app-admin/kubelet-wrapper The rkt container runtime is deprecated and not used anymore except for the kubelet-wrapper script. This script can't be ported to Docker because it is used by the user with rkt-specific arguments and it is only a wrapper around the deprecated hyperkube images (and has been broken for the last K8s releases). The recommended way is to run the kubelet binary directly on the host. --- .../kubelet-wrapper/files/kubelet-wrapper | 91 ----------- .../kubelet-wrapper-0.0.4-r1.ebuild | 25 --- .../app-admin/kubelet-wrapper/metadata.xml | 4 - .../coreos-overlay/app-emulation/rkt/Manifest | 2 - .../app-emulation/rkt/files/sysusers.conf | 3 - .../app-emulation/rkt/metadata.xml | 17 -- .../app-emulation/rkt/rkt-1.30.0-r2.ebuild | 1 - .../app-emulation/rkt/rkt-9999.ebuild | 151 ------------------ .../coreos-base/coreos/coreos-0.0.1.ebuild | 2 - .../profiles/coreos/base/package.mask | 4 - 10 files changed, 300 deletions(-) delete mode 100755 sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/files/kubelet-wrapper delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/kubelet-wrapper-0.0.4-r1.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/metadata.xml delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/Manifest delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/files/sysusers.conf delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/metadata.xml delete mode 120000 sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/rkt-1.30.0-r2.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/rkt-9999.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/files/kubelet-wrapper b/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/files/kubelet-wrapper deleted file mode 100755 index 0b13cbc2a4..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/files/kubelet-wrapper +++ /dev/null @@ -1,91 +0,0 @@ -#!/bin/bash -# Wrapper for launching kubelet via rkt-fly. -# -# Make sure to set KUBELET_IMAGE_TAG to an image tag published here: -# https://quay.io/repository/coreos/hyperkube?tab=tags Alternatively, -# override KUBELET_IMAGE to a custom image. - -set -e - -function require_ev_all() { - for rev in $@ ; do - if [[ -z "${!rev}" ]]; then - echo "${rev}" is not set - exit 1 - fi - done -} - -function require_ev_one() { - for rev in $@ ; do - if [[ ! -z "${!rev}" ]]; then - return - fi - done - echo One of $@ must be set - exit 1 -} - -if [[ -n "${KUBELET_VERSION}" ]]; then - echo KUBELET_VERSION environment variable is deprecated, please use KUBELET_IMAGE_TAG instead -fi - -if [[ -n "${KUBELET_ACI}" ]]; then - echo KUBELET_ACI environment variable is deprecated, please use the KUBELET_IMAGE_URL instead -fi - -if [[ -n "${RKT_OPTS}" ]]; then - echo RKT_OPTS environment variable is deprecated, please use the RKT_RUN_ARGS instead -fi - -KUBELET_IMAGE_TAG="${KUBELET_IMAGE_TAG:-${KUBELET_VERSION}}" - -require_ev_one KUBELET_IMAGE KUBELET_IMAGE_TAG - -KUBELET_IMAGE_URL="${KUBELET_IMAGE_URL:-${KUBELET_ACI:-docker://quay.io/coreos/hyperkube}}" -KUBELET_IMAGE="${KUBELET_IMAGE:-${KUBELET_IMAGE_URL}:${KUBELET_IMAGE_TAG}}" - -RKT_RUN_ARGS="${RKT_RUN_ARGS} ${RKT_OPTS}" - -if [[ "${KUBELET_IMAGE%%/*}" == "quay.io" ]] && ! (echo "${RKT_RUN_ARGS}" | grep -q trust-keys-from-https); then - RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https" -elif [[ "${KUBELET_IMAGE%%/*}" == "docker:" ]] && ! (echo "${RKT_RUN_ARGS}" | grep -q insecure-options); then - RKT_RUN_ARGS="${RKT_RUN_ARGS} --insecure-options=image" -fi - -mkdir --parents /etc/kubernetes -mkdir --parents /var/lib/docker -mkdir --parents /var/lib/kubelet -mkdir --parents /run/kubelet - -RKT="${RKT:-/usr/bin/rkt}" -RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}" -KUBELET_IMAGE_ARGS=${KUBELET_IMAGE_ARGS:---exec=/kubelet} -set -x -exec ${RKT} ${RKT_GLOBAL_ARGS} \ - run ${RKT_RUN_ARGS} \ - --volume coreos-etc-kubernetes,kind=host,source=/etc/kubernetes,readOnly=false \ - --volume coreos-etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \ - --volume coreos-usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ - --volume coreos-var-lib-docker,kind=host,source=/var/lib/docker,readOnly=false \ - --volume coreos-var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false,recursive=true \ - --volume coreos-var-log,kind=host,source=/var/log,readOnly=false \ - --volume coreos-os-release,kind=host,source=/usr/lib/os-release,readOnly=true \ - --volume coreos-run,kind=host,source=/run,readOnly=false \ - --volume coreos-lib-modules,kind=host,source=/lib/modules,readOnly=true \ - --volume coreos-etc-machine-id,kind=host,source=/etc/machine-id,readOnly=true \ - --mount volume=coreos-etc-kubernetes,target=/etc/kubernetes \ - --mount volume=coreos-etc-ssl-certs,target=/etc/ssl/certs \ - --mount volume=coreos-usr-share-certs,target=/usr/share/ca-certificates \ - --mount volume=coreos-var-lib-docker,target=/var/lib/docker \ - --mount volume=coreos-var-lib-kubelet,target=/var/lib/kubelet \ - --mount volume=coreos-var-log,target=/var/log \ - --mount volume=coreos-os-release,target=/etc/os-release \ - --mount volume=coreos-run,target=/run \ - --mount volume=coreos-lib-modules,target=/lib/modules \ - --mount volume=coreos-etc-machine-id,target=/etc/machine-id \ - --hosts-entry host \ - ${RKT_STAGE1_ARG} \ - ${KUBELET_IMAGE} \ - ${KUBELET_IMAGE_ARGS} \ - -- "$@" diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/kubelet-wrapper-0.0.4-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/kubelet-wrapper-0.0.4-r1.ebuild deleted file mode 100644 index 813a654d90..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/kubelet-wrapper-0.0.4-r1.ebuild +++ /dev/null @@ -1,25 +0,0 @@ -# -# Copyright (c) 2015 CoreOS, Inc.. All rights reserved. -# Distributed under the terms of the GNU General Public License v2 -# $Header:$ -# - -EAPI=6 - -DESCRIPTION="Kubernetes Container Manager" -HOMEPAGE="http://kubernetes.io/" -KEYWORDS="amd64 arm64" - -LICENSE="Apache-2.0" -SLOT="0" -IUSE="" - -RDEPEND=">=app-emulation/rkt-1.9.1[rkt_stage1_fly]" - -# work around ${WORKDIR}/${P} not existing -S=${WORKDIR} - -src_install() { - exeinto /usr/lib/flatcar - doexe "${FILESDIR}"/kubelet-wrapper -} diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/metadata.xml deleted file mode 100644 index 097975e3ad..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/metadata.xml +++ /dev/null @@ -1,4 +0,0 @@ - - - - diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/Manifest deleted file mode 100644 index 2f42ae562b..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/Manifest +++ /dev/null @@ -1,2 +0,0 @@ -DIST rkt-pxe-amd64-usr-1478.0.0.img 264382497 SHA256 9897f9e78e207da42a75d03f7ff74c4400dce15843b752adcb3182ebe66c9868 SHA512 5f462b6223a141d72a38857fff26f4f70c0a36f21d1cc69623d946ba42f8b15fa994f222b1934cd16cc5b4e306cf5a8850295492dfb637f2a8fee8b774d7c1e4 WHIRLPOOL 6eed288afed99f26c892af4fdfea23bde5cb617918d34ba7132765bf11bdfc478f364b123d4c505d474740b5381b7f149dba856288ea59dbb5171782975d821b -DIST rkt-pxe-arm64-usr-1478.0.0.img 202610087 SHA256 30242967a3d86d0e0b4fc22017aea6a192b281dce97865f11e623ffca3363f11 SHA512 a91cb5fb40a522d8e624520aae9046ce5ac1756253191b704af52286af2ac29c10fa9053c4d115745125333a4b403aa792dfe16a3c3181e014505b8f8d10d147 WHIRLPOOL b2bf47ae2897c0b1e7070fa17c1dd8d4156ce0cae3136100f7efce6258f677f15470c191803ee7ee50eac53b74bfb9a5df4d1724684a12f40c47a6186520c744 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/files/sysusers.conf b/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/files/sysusers.conf deleted file mode 100644 index 895fe60b57..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/files/sysusers.conf +++ /dev/null @@ -1,3 +0,0 @@ -g rkt-admin - - - -g rkt 251 - - -m core rkt - - diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/metadata.xml deleted file mode 100644 index 919084c4bb..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/metadata.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - rkt is a new container runtime, designed for composability, security, - and speed. Today we are releasing a prototype version on GitHub to begin - gathering feedback from our community and explain why we are building - rkt. - - - Install the actool for ACI manipulation - Download and use a prebuilt stage1.aci from CoreOS - Build the experimental fly stage1 for chroot-only isolation - Build the stage1.aci from source - Assemble stage1.aci from host binaries - - diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/rkt-1.30.0-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/rkt-1.30.0-r2.ebuild deleted file mode 120000 index e476440198..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/rkt-1.30.0-r2.ebuild +++ /dev/null @@ -1 +0,0 @@ -rkt-9999.ebuild \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/rkt-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/rkt-9999.ebuild deleted file mode 100644 index 0f21e8c487..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/rkt-9999.ebuild +++ /dev/null @@ -1,151 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -AUTOTOOLS_AUTORECONF=yes -AUTOTOOLS_IN_SOURCE_BUILD=yes - -COREOS_GO_VERSION=go1.12 - -inherit autotools flag-o-matic systemd toolchain-funcs multilib -inherit cros-workon coreos-go-depend - -CROS_WORKON_PROJECT="rkt/rkt" -CROS_WORKON_LOCALNAME="rkt" -CROS_WORKON_REPO="git://github.com" - -if [[ "${PV}" == "9999" ]]; then - KEYWORDS="~amd64 ~arm64" -else - KEYWORDS="amd64 arm64" - CROS_WORKON_COMMIT="e04dd994baa1051f1205578d12d69eec83dbb905" # v1.30.0 -fi - -PXE_VERSION="1478.0.0" -PXE_SYSTEMD_VERSION="v233" -PXE_FILE="${PN}-pxe-${ARCH}-usr-${PXE_VERSION}.img" - -PXE_URI_AMD64="https://alpha.release.core-os.net/amd64-usr/${PXE_VERSION}/coreos_production_pxe_image.cpio.gz" -PXE_URI_ARM64="https://alpha.release.core-os.net/arm64-usr/${PXE_VERSION}/coreos_production_pxe_image.cpio.gz" - -PXE_FILE_AMD64="${PN}-pxe-amd64-usr-${PXE_VERSION}.img" -PXE_FILE_ARM64="${PN}-pxe-arm64-usr-${PXE_VERSION}.img" - -SRC_URI="rkt_stage1_coreos? ( - amd64? ( ${PXE_URI_AMD64} -> ${PXE_FILE_AMD64} ) - arm64? ( ${PXE_URI_ARM64} -> ${PXE_FILE_ARM64} ) -)" - -DESCRIPTION="A CLI for running app containers, and an implementation of the App -Container Spec." -HOMEPAGE="https://github.com/rkt/rkt" - -LICENSE="Apache-2.0" -SLOT="0" -IUSE="doc examples +rkt_stage1_coreos +rkt_stage1_fly rkt_stage1_host rkt_stage1_src tpm" -REQUIRED_USE="|| ( rkt_stage1_coreos rkt_stage1_fly rkt_stage1_host rkt_stage1_src )" - -COMMON_DEPEND="sys-apps/acl - tpm? ( app-crypt/trousers )" -DEPEND="app-arch/cpio - sys-fs/squashfs-tools - rkt_stage1_src? ( - >=sys-apps/systemd-222 - app-shells/bash - ) - ${COMMON_DEPEND}" -RDEPEND="!app-emulation/rocket - rkt_stage1_host? ( - >=sys-apps/systemd-220 - app-shells/bash - ) - ${COMMON_DEPEND}" - -BUILDDIR="build-${P}" - -STAGE1INSTALLDIR="" -STAGE1FIRST="" -STAGE1FLAVORS="" - -function add_stage1() { - if [[ ${STAGE1FIRST} == "" ]]; then - STAGE1FIRST=$1 - STAGE1FLAVORS=$1 - else - STAGE1FLAVORS="${STAGE1FLAVORS},$1" - fi -} - -src_prepare() { - eapply_user - - STAGE1INSTALLDIR="/usr/$(get_libdir)/rkt/stage1-images" - - # ensure we use a CoreOS PXE image version that matches rkt's expectations. - local rkt_coreos_version=$(awk '/^CCN_IMG_RELEASE/ { print $3 }' stage1/usr_from_coreos/coreos-common.mk) - if [ "${rkt_coreos_version}" != "${PXE_VERSION}" ]; then - die "CoreOS versions in ebuild and rkt build scripts are mismatched, expecting ${rkt_coreos_version}!" - fi - - eautoreconf -} - -src_configure() { - local myeconfargs=() - - if use rkt_stage1_coreos; then - add_stage1 "coreos" - myeconfargs+=( --with-coreos-local-pxe-image-path="${DISTDIR}/${PXE_FILE}" ) - myeconfargs+=( --with-coreos-local-pxe-image-systemd-version="${PXE_SYSTEMD_VERSION}" ) - fi - if use rkt_stage1_fly; then - add_stage1 "fly" - fi - if use rkt_stage1_host; then - add_stage1 "host" - fi - if use rkt_stage1_src; then - add_stage1 "src" - fi - - myeconfargs+=( $(use_enable tpm) ) - - myeconfargs+=( --with-stage1-flavors="${STAGE1FLAVORS}" ) - myeconfargs+=( --with-stage1-default-location="${STAGE1INSTALLDIR}/stage1-${STAGE1FIRST}.aci" ) - - go_export - export BUILDDIR - export V=1 - - econf "${myeconfargs[@]}" -} - -src_install() { - dodoc README.md - use doc && dodoc -r Documentation - use examples && dodoc -r examples - - dobin "${S}/${BUILDDIR}/target/bin"/rkt - - einfo The following stage1 ACIs have been installed to ${STAGE1INSTALLDIR}: - insinto ${STAGE1INSTALLDIR} - for stage1aci in "${S}/${BUILDDIR}/target/bin"/stage1-*.aci; do - doins "${stage1aci}" - einfo $(basename "${stage1aci}") - done - - # symlink old stage1 aci directory to the new install location - dosym ../$(get_libdir)/rkt/stage1-images /usr/share/rkt - - systemd_dounit "${S}"/dist/init/systemd/${PN}-gc.service - systemd_dounit "${S}"/dist/init/systemd/${PN}-gc.timer - systemd_enable_service multi-user.target ${PN}-gc.timer - systemd_dounit "${S}"/dist/init/systemd/${PN}-metadata.service - systemd_dounit "${S}"/dist/init/systemd/${PN}-metadata.socket - systemd_enable_service sockets.target ${PN}-metadata.socket - systemd_dotmpfilesd "${S}"/dist/init/systemd/tmpfiles.d/${PN}.conf - - insinto /usr/lib/sysusers.d/ - newins "${FILESDIR}"/sysusers.conf ${PN}.conf -} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild index be78847cdb..0ee4c5102b 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild @@ -89,7 +89,6 @@ RDEPEND="${RDEPEND} RDEPEND="${RDEPEND} app-admin/etcd-wrapper app-admin/flannel-wrapper - app-admin/kubelet-wrapper app-admin/locksmith app-admin/mayday app-admin/sdnotify-proxy @@ -103,7 +102,6 @@ RDEPEND="${RDEPEND} app-crypt/gnupg app-crypt/tpmpolicy app-editors/vim - app-emulation/rkt app-emulation/actool app-emulation/cri-tools app-misc/ca-certificates diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask index c381183244..f1c25e8969 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask @@ -11,10 +11,6 @@ # certificate store provided in NSS rather than the Gentoo/Debian package. >=app-misc/ca-certificates-20000000 -# mask an accidental rkt major version bump to ensure it's not chosen over more -# recent releases -=app-emulation/rkt-13.0 - # Since version 2, it tries to write liblto symlinks with absolute paths that # don't work when building for the board root directories. >=sys-devel/gcc-config-2