feat(container): add podman as container runtime

.gitmodules

@@ -6,3 +6,11 @@
 	path = layers/openembedded-core
 	url = ssh://git@bitbucket.gad.local:7999/ico/openembedded-core.git
 	branch = kirkstone
+[submodule "layers/meta-openembedded"]
+	path = layers/meta-openembedded
+	url = git://git.openembedded.org/meta-openembedded
+	branch = kirkstone
+[submodule "layers/meta-virtualization"]
+	path = layers/meta-virtualization
+	url = git://git.yoctoproject.org/meta-virtualization
+	branch = kirkstone

layers/meta-belden-coreos-bsp/classes/coreos-bsp-config.bbclass

@@ -9,6 +9,7 @@
 
 # EFI is a requirement for CoreOS
 MACHINE_FEATURES:append = "efi"
+MACHINE_FEATURES:remove:container = "efi"
 
 # If a bootloader is used, it should be systemd-boot and not grub-efi as set
 # in packagegroup-core-boot by default.

layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-machine/container.inc

@@ -1,5 +1,6 @@
 
-IMAGE_FSTYPES += "container"
+IMAGE_FSTYPES += "container oci"
+IMGCLASSES:append = " image-oci"
 
 # Add an override that work for all container image
 MACHINEOVERRIDES =. "container:"

layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend

@@ -1,8 +1,8 @@
-KMACHINE:pc-x64 ?= "common-pc-64"
+KMACHINE:vm-x64 ?= "common-pc-64"
-COMPATIBLE_MACHINE:pc-x64 = "pc-x64"
+COMPATIBLE_MACHINE:vm-x64 = "vm-x64"
 
 # Enable some kernel features related to virtualiuzation
-KERNEL_FEATURES:append:pc-x64=" cfg/virtio.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append:vm-x64=" cfg/virtio.scc cfg/paravirt_kvm.scc"
 
 KBRANCH:beaglebone = "v5.15/standard/beaglebone"
 KMACHINE:beaglebone ?= "beaglebone"

layers/meta-belden-coreos/classes/coreos-image.bbclass

@@ -6,6 +6,34 @@ FEATURE_PACKAGES_tools-debug = "packagegroup-core-tools-debug"
 FEATURE_PACKAGES_tools-profile = "packagegroup-core-tools-profile"
 FEATURE_PACKAGES_hwcodecs = "${MACHINE_HWCODECS}"
 
+FEATURE_PACKAGES_container = "packagegroup-coreos-container"
+FEATURE_PACKAGES_container-dev-tools = "packagegroup-coreos-container-dev-tools"
+FEATURE_PACKAGES_container-cockpit = "cockpit-podman"
+
+# The cockpit feature automatically install the corresponding
+# *-cockpit FEATURES_PACKAGES for any image features
+FEATURE_PACKAGES_cockpit = "packagegroup-coreos-cockpit ${@get_feature_packages_with_suffix('cockpit', d)}"
+
+# The dev-tools feature automatically install the corresponding
+# *-dev-tools FEATURES_PACKAGES for any image features
+FEATURE_PACKAGES_dev-tools = "${@get_feature_packages_with_suffix('dev-tool', d)}"
+
+def get_feature_packages_with_suffix(suffix, d):
+    """
+    For each feature inside IMAGE_FEATURES, look if a FEATURE_PACKAGE variable
+    exist for {feature}-{suffix}.
+
+    Return a list of all the value of the corresponding FEATURE_PACKAGE founded.
+    """
+    images_features = d.getVar('IMAGE_FEATURES').split()
+    result = ""
+
+    for feature in images_features:
+        tools = d.getVar(f'FEATURE_PACKAGES_{feature}-{suffix}')
+        if tools:
+            result += f" {tools}"    
+    return result
+
 MACHINE_HWCODECS ??= ""
 
 # These image features are CoreOS specifics:
@@ -21,6 +49,7 @@ FEATURE_PACKAGES_ssh-server = "packagegroup-core-ssh-dropbear"
 # see [Yocto #14858] for more information
 PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTALL', 'packagegroup-core-ssh-dropbear dropbear', 'openssh', '' , d)}"
 
+
 # We can handle feature that conflicts with either:
 
 # IMAGE_FEATURES_REPLACES_foo = 'bar1 bar2'
@@ -38,6 +67,11 @@ COREOS_IMAGE_BASE_INSTALL = '\
     os-release \
     '
 
+COREOS_IMAGE_BASE_INSTALL:container = '\
+    packagegroup-base \
+    os-release \
+    '
+
 COREOS_IMAGE_EXTRA_INSTALL ?= ""
 
 IMAGE_INSTALL ?= "${COREOS_IMAGE_BASE_INSTALL} ${COREOS_IMAGE_EXTRA_INSTALL}"

layers/meta-belden-coreos/conf/distro/belden-coreos.conf

@@ -13,9 +13,9 @@ DISTRO_CODENAME = "kirkstone"
 PACKAGE_CLASSES = "package_ipk"
 INIT_MANAGER = "systemd"
 
-DISTRO_FEATURES_DEFAULT ?= "bluetooth usbhost pci ipv4 ipv6 wifi multiarch usrmerge ptest efi"
+DISTRO_FEATURES_DEFAULT ?= "bluetooth usbhost pci ipv4 ipv6 wifi multiarch usrmerge ptest efi pam"
 DISTRO_FEATURES ?= "${DISTRO_FEATURES_DEFAULT}"
-DISTRO_FEATURES_BACKFILL_CONSIDERED = "pulseaudio gobject-introspection-data ldconfig"
+DISTRO_FEATURES_BACKFILL_CONSIDERED = "pulseaudio ldconfig"
 DISTRO_EXTRA_RDEPENDS += "packagegroup-core-boot"
 
 # Build configuration
@@ -63,3 +63,12 @@ SDKPATHINSTALL = "/opt/${DISTRO}/${SDK_VERSION}"
 
 INHERIT += "coreos-bsp-config"
 INHERIT += "coreos-efi-secureboot"
+
+# Virtualization configuration
+# ==============================================================================
+
+# Use crun insted of runc as a OCI runtime. crun is faster and need less memory
+# than runc so it's a better fit for embedded
+#PREFERRED_PROVIDER_virtual/runc = "crun"
+PACKAGECONFIG:append:pn-podman = " rootless"
+DISTRO_FEATURES_DEFAULT += "virtualization seccomp ipv6"

layers/meta-belden-coreos/recipes-core/images/coreos-image-full-cmdline.bb

@@ -3,5 +3,5 @@ functionality installed."
 
 inherit coreos-image
 
-IMAGE_FEATURES += "ssh-server"
+IMAGE_FEATURES += "ssh-server container dev-tools cockpit"
 IMAGE_INSTALL:append = " packagegroup-core-full-cmdline"

layers/meta-belden-coreos/recipes-core/images/coreos-image-minimal-dev.bb

@@ -3,4 +3,4 @@ require coreos-image-minimal.bb
 DESCRIPTION = "A small image just capable of allowing a device to boot and \
 is suitable for development work."
 
-IMAGE_FEATURES += "dev-pkgs"
+IMAGE_FEATURES += "dev-pkgs dev-tools"

layers/meta-belden-coreos/recipes-core/packagegroups/packagegroup-coreos-cockpit.bb

@@ -0,0 +1,21 @@
+SUMMARY = "Add cockpit web management"
+DESCRIPTION = "Cockpit makes it easy to administer your GNU/Linux servers via a web browser"
+
+inherit packagegroup
+
+
+PACKAGES = "\
+    ${PN} \
+"
+
+RDEPENDS:${PN} = "\
+    cockpit \
+    cockpit-ws \
+    cockpit-shell \
+    cockpit-systemd \
+    cockpit-users \
+    cockpit-dashboard \
+    cockpit-kdump \
+    cockpit-sosreport \
+    cockpit-tuned \
+"

layers/meta-belden-coreos/recipes-core/packagegroups/packagegroup-coreos-container.bb

@@ -0,0 +1,18 @@
+SUMMARY = "Add containers runtime and management"
+DESCRIPTION = "Add containers runtime and management"
+
+inherit packagegroup
+
+
+PACKAGES = "\
+    ${PN} \
+    ${PN}-dev-tools \
+"
+
+RDEPENDS:${PN} = "\
+    podman \
+"
+
+RDEPENDS:${PN}-dev-tools = "\
+    podman-tui \
+"

layers/meta-belden-coreos/recipes-webadmin/cockpit-podman/cockpit-podman_57.bb

@@ -0,0 +1,32 @@
+SUMMARY = "The Cockpit user interface for Podman containers."
+DESCRIPTION = "This is the Cockpit user interface for podman containers."
+
+LICENSE = "LGPL-2.1-only"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=4fbd65380cdd255951079008b364516c"
+
+SRC_URI += " \
+    https://github.com/cockpit-project/cockpit-podman/releases/download/${PV}/cockpit-podman-${PV}.tar.xz \
+    "
+SRC_URI[sha256sum] = "a42d7dfabdd1a058c5b0f502bfd9380542d9666f047316ea1ff114e7b1db0877"
+
+RDEPENDS:${PN} += "cockpit-bridge podman"
+
+inherit allarch gettext
+
+DEPENDS += "intltool-native virtual/gettext"
+
+S = "${WORKDIR}/${BPN}"
+
+
+FILES:${PN} += " \
+    ${datadir}/cockpit/podman \
+    ${datadir}/metainfo/org.cockpit-project.podman.metainfo.xml \
+"
+
+do_buid() {
+    :
+}
+
+do_install() {
+    oe_runmake install DESTDIR=${D}
+}

layers/meta-openembedded

@@ -0,0 +1 @@
+Subproject commit 50d4a8d2a983a68383ef1ffec2c8e21adf0c1a79

layers/meta-virtualization

@@ -0,0 +1 @@
+Subproject commit 9a487c1851aa2021cf24f951957e22fd429c8025