package/buildah: new package

Adds both host and target packages for buildah.

Buildah is a tool that facilitates building OCI images.

https://github.com/containers/buildah

The buildah tree does not ship with a default policy.json file, and instead
relies on packagers to provide one. A patch is added to create a basic barebones
policy.json which is installed to /etc/containers/policy.json with a hook.

Signed-off-by: Christian Stewart <christian@aperture.us>

---

v1 -> v2:

 - add package to developers
 - add host runc dependency for host package
 - add libgpgme runtime dependency

v2 -> v3:

 - add policy.json to target: required by some commands
 - example: buildah pull docker.io/library/alpine
 - pull: tested on raspberry pi 4

v3 -> v4:

 - TODO: move policy.json to package dir
 - https://lists.buildroot.org/pipermail/buildroot/2022-January/634936.html
 - bump to version v1.32.1
 - https://github.com/containers/buildah/releases/tag/v1.32.1

v4 -> v5:

- bump to version 1.35.x

Signed-off-by: Christian Stewart <christian@aperture.us>

DEVELOPERS

@@ -610,6 +610,7 @@ N:	Christian Stewart <christian@aperture.us>
 F:	boot/refind/
 F:	package/balena-engine/
 F:	package/batman-adv/
+F:	package/buildah/
 F:	package/catatonit/
 F:	package/cni-plugins/
 F:	package/conmon/

package/Config.in

@@ -2803,6 +2803,7 @@ menu "System tools"
 	source "package/audit/Config.in"
 	source "package/balena-engine/Config.in"
 	source "package/bubblewrap/Config.in"
+	source "package/buildah/Config.in"
 	source "package/cgroupfs-mount/Config.in"
 	source "package/circus/Config.in"
 	source "package/conmon/Config.in"

package/Config.in.host

@@ -11,6 +11,7 @@ menu "Host utilities"
 	source "package/bmap-tools/Config.in.host"
 	source "package/bootgen/Config.in.host"
 	source "package/btrfs-progs/Config.in.host"
+	source "package/buildah/Config.in.host"
 	source "package/cbootimage/Config.in.host"
 	source "package/checkpolicy/Config.in.host"
 	source "package/checksec/Config.in.host"

package/buildah/0001-contrib-add-buildroot-policy-json.patch

@@ -0,0 +1,38 @@
+From 6808cfa788f03fca36a41202d9475ee5bc9feac7 Mon Sep 17 00:00:00 2001
+From: Christian Stewart <christian@paral.in>
+Date: Wed, 26 Jan 2022 22:07:09 -0800
+Subject: [PATCH] contrib: add buildroot policy json
+
+Buildah does not ship a default policy.json in-tree.
+
+Signed-off-by: Christian Stewart <christian@paral.in>
+---
+ contrib/buildroot/policy.json | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+ create mode 100644 contrib/buildroot/policy.json
+
+diff --git a/contrib/buildroot/policy.json b/contrib/buildroot/policy.json
+new file mode 100644
+index 00000000..d8c638a0
+--- /dev/null
++++ b/contrib/buildroot/policy.json
+@@ -0,0 +1,16 @@
++{
++  "default": [
++    {
++      "type": "insecureAcceptAnything"
++    }
++  ],
++  "transports": {
++    "docker-daemon": {
++      "": [
++        {
++          "type": "insecureAcceptAnything"
++        }
++      ]
++    }
++  }
++}
+-- 
+2.35.0
+

package/buildah/Config.in

@@ -0,0 +1,23 @@
+config BR2_PACKAGE_BUILDAH
+	bool "buildah"
+	depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS
+	depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
+	depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgpgme -> libgpg-error
+	depends on BR2_TOOLCHAIN_HAS_THREADS # runc
+	depends on BR2_USE_MMU # libgpgme -> libassuan
+	depends on !BR2_TOOLCHAIN_USES_UCLIBC # runc -> no fexecve
+	# gnupg and runc are not needed to build, but at runtime.
+	select BR2_PACKAGE_LIBGPGME
+	select BR2_PACKAGE_GNUPG if !BR2_PACKAGE_GNUPG2
+	select BR2_PACKAGE_LIBGPG_ERROR
+	select BR2_PACKAGE_LIBASSUAN
+	select BR2_PACKAGE_RUNC
+	help
+	  Buildah is a tool that facilitates building OCI images.
+
+	  https://github.com/containers/buildah
+
+comment "buildah needs a glibc or musl toolchain w/ threads"
+	depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS && \
+		BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAIN_USES_UCLIBC

package/buildah/Config.in.host

@@ -0,0 +1,8 @@
+config BR2_PACKAGE_HOST_BUILDAH
+	bool "host buildah"
+	depends on BR2_PACKAGE_HOST_GO_HOST_ARCH_SUPPORTS
+	select BR2_PACKAGE_HOST_RUNC
+	help
+	  Buildah is a tool that facilitates building OCI images.
+
+	  https://github.com/containers/buildah

package/buildah/buildah.hash

@@ -0,0 +1,3 @@
+# Locally calculated
+sha256  7d655453d6ff150503a4ecd61481622d83735f89fc69cf1805f0d3a1619c8c2c  buildah-1.35.4-go2.tar.gz
+sha256  b40930bbcf80744c86c46a12bc9da056641d722716c378f5659b9e555ef833e1  LICENSE

package/buildah/buildah.mk

@@ -0,0 +1,46 @@
+################################################################################
+#
+# buildah
+#
+################################################################################
+
+BUILDAH_VERSION = 1.35.4
+BUILDAH_SITE = $(call github,containers,buildah,v$(BUILDAH_VERSION))
+
+BUILDAH_LICENSE = Apache-2.0
+BUILDAH_LICENSE_FILES = LICENSE
+
+BUILDAH_DEPENDENCIES = libgpgme
+
+BUILDAH_CPE_ID_VENDOR = buildah_project
+BUILDAH_CPE_ID_PRODUCT = buildah
+
+BUILDAH_TAGS = \
+	cgo \
+	exclude_graphdriver_aufs \
+	exclude_graphdriver_btrfs \
+	exclude_graphdriver_devicemapper \
+	exclude_graphdriver_zfs
+BUILDAH_BUILD_TARGETS = cmd/buildah
+BUILDAH_GOMOD = github.com/containers/buildah
+
+BUILDAH_LDFLAGS = \
+	-X $(BUILDAH_GOMOD)/cmd/buildah.GitCommit=v$(BUILDAH_VERSION) \
+	-X $(BUILDAH_GOMOD)/define.Version=v$(BUILDAH_VERSION)
+
+BUILDAH_INSTALL_BINS = $(notdir $(BUILDAH_BUILD_TARGETS))
+
+define BUILDAH_INSTALL_CONFIG
+	$(INSTALL) -D -m 644 $(@D)/contrib/buildroot/policy.json \
+		$(TARGET_DIR)/etc/containers/policy.json
+endef
+
+BUILDAH_POST_INSTALL_TARGET_HOOKS += BUILDAH_INSTALL_CONFIG
+
+HOST_BUILDAH_BUILD_TARGETS = $(BUILDAH_BUILD_TARGETS)
+HOST_BUILDAH_TAGS = $(BUILDAH_TAGS)
+HOST_BUILDAH_LDFLAGS = $(BUILDAH_LDFLAGS)
+HOST_BUILDAH_INSTALL_BINS = $(BUILDAH_INSTALL_BINS)
+
+$(eval $(golang-package))
+$(eval $(host-golang-package))