Merge pull request #1655 from flatcar/tormath1/exp-incus

sysext: add built-in Incus sysext image

Author: tormath1

.github/workflows/portage-stable-packages-list

@@ -8,10 +8,13 @@ acct-group/disk
 acct-group/dnsmasq
 acct-group/docker
 acct-group/floppy
+acct-group/incus
+acct-group/incus-admin
 acct-group/input
 acct-group/kmem
 acct-group/kvm
 acct-group/lp
+acct-group/lxc
 acct-group/man
 acct-group/messagebus
 acct-group/named
@@ -45,6 +48,7 @@ acct-group/video
 acct-group/wheel
 
 acct-user/dnsmasq
+acct-user/lxc
 acct-user/man
 acct-user/messagebus
 acct-user/named
@@ -116,6 +120,8 @@ app-containers/crun
 app-containers/docker
 app-containers/docker-buildx
 app-containers/docker-cli
+app-containers/incus
+app-containers/lxc
 app-containers/netavark
 app-containers/podman
 app-containers/runc
@@ -226,6 +232,7 @@ dev-lang/tcl
 dev-lang/yasm
 
 dev-libs/cJSON
+dev-libs/cowsql
 dev-libs/cyrus-sasl
 dev-libs/dbus-glib
 dev-libs/ding-libs
@@ -278,6 +285,7 @@ dev-libs/opensc
 dev-libs/openssl
 dev-libs/popt
 dev-libs/protobuf
+dev-libs/raft
 dev-libs/tree-sitter
 dev-libs/tree-sitter-bash
 dev-libs/userspace-rcu
@@ -371,6 +379,7 @@ dev-util/perf
 dev-util/pkgcheck
 dev-util/pkgconf
 dev-util/re2c
+dev-util/xdelta
 
 dev-vcs/git
 
@@ -658,6 +667,7 @@ sys-fs/fuse-common
 sys-fs/fuse-overlayfs
 sys-fs/lsscsi
 sys-fs/lvm2
+sys-fs/lxcfs
 sys-fs/mdadm
 sys-fs/mtools
 sys-fs/multipath-tools

build_library/extra_sysexts.sh

@@ -1,13 +1,14 @@
 EXTRA_SYSEXTS=(
-  "zfs|sys-fs/zfs"
-  "podman|app-containers/podman,net-misc/passt"
-  "python|dev-lang/python,dev-python/pip"
+  "incus|app-containers/incus"
   "nvidia-drivers-535|x11-drivers/nvidia-drivers:0/535|-kernel-open persistenced|amd64"
   "nvidia-drivers-535-open|x11-drivers/nvidia-drivers:0/535|kernel-open persistenced|amd64"
   "nvidia-drivers-550|x11-drivers/nvidia-drivers:0/550|-kernel-open persistenced|amd64"
   "nvidia-drivers-550-open|x11-drivers/nvidia-drivers:0/550|kernel-open persistenced|amd64"
   "nvidia-drivers-570|x11-drivers/nvidia-drivers:0/570|-kernel-open persistenced|amd64"
   "nvidia-drivers-570-open|x11-drivers/nvidia-drivers:0/570|kernel-open persistenced|amd64"
+  "podman|app-containers/podman,net-misc/passt"
+  "python|dev-lang/python,dev-python/pip"
+  "zfs|sys-fs/zfs"
 )
 
 _get_unversioned_sysext_packages_unsorted() {

build_library/sysext_mangle_flatcar-incus

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -euo pipefail
+rootfs="${1}"
+
+pushd "${rootfs}"
+
+pushd ./usr/lib/systemd/system
+mkdir -p "multi-user.target.d"
+{ echo "[Unit]"; echo "Upholds=incus.service"; } > "multi-user.target.d/10-incus.conf"
+popd
+
+mkdir -p ./usr/lib/tmpfiles.d
+pushd ./usr/lib/tmpfiles.d
+cat <<EOF >./10-incus.conf
+d  /var/lib/lxc/rootfs	0755  root  root  -  -
+w+ /etc/subuid - - - - root:1065536:65536
+w+ /etc/subgid - - - - root:1065536:65536
+EOF
+popd
+
+# Add 'core' user to 'incus-admin' group to avoid prefixing
+# all commands with sudo.
+mkdir -p ./usr/lib/userdb/
+echo " " > ./usr/lib/userdb/core:incus-admin.membership
+
+popd
+

changelog/changes/2025-05-14-incus.md

@@ -0,0 +1 @@
+- Provided an Incus Flatcar extension as optional systemd-sysext image with the release. Write 'incus' to `/etc/flatcar/enabled-sysext.conf` through Ignition and the sysext will be installed during provisioning. ([scripts#1655](https://github.com/flatcar/scripts/pull/1655))

sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r16.ebuild renamed to sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r17.ebuild

@@ -30,8 +30,9 @@ RDEPEND="
 	sys-boot/shim-signed
 	app-containers/containerd
 	app-containers/docker
-	app-containers/docker-cli
 	app-containers/docker-buildx
+	app-containers/docker-cli
+	app-containers/incus
 	app-emulation/amazon-ssm-agent
 	app-emulation/hv-daemons
 	app-emulation/wa-linux-agent

sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild

@@ -0,0 +1,13 @@
+# This is used to convert regular user / group entries to
+# userdb entries (in JSON format) to later be consumed by userdbd
+# when loading the sysext image on the instance.
+# The user / groups will be created dynamically and if the sysext image is
+# removed the entries will be removed as well.
+cros_post_src_install_add_userdb_record(){
+	insinto /usr/lib/userdb
+	newins - ${ACCT_GROUP_NAME}.group < <(
+		printf '{"groupName":"%q","gid":%q}\n' \
+			"${ACCT_GROUP_NAME}" \
+			"${_ACCT_GROUP_ID/#-*/-}"
+	)
+}

sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/incus

@@ -0,0 +1,13 @@
+# This is used to convert regular user / group entries to
+# userdb entries (in JSON format) to later be consumed by userdbd
+# when loading the sysext image on the instance.
+# The user / groups will be created dynamically and if the sysext image is
+# removed the entries will be removed as well.
+cros_post_src_install_add_userdb_record(){
+	insinto /usr/lib/userdb
+	newins - ${ACCT_GROUP_NAME}.group < <(
+		printf '{"groupName":"%q","gid":%q}\n' \
+			"${ACCT_GROUP_NAME}" \
+			"${_ACCT_GROUP_ID/#-*/-}"
+	)
+}

sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/incus-admin

@@ -0,0 +1,13 @@
+# This is used to convert regular user / group entries to
+# userdb entries (in JSON format) to later be consumed by userdbd
+# when loading the sysext image on the instance.
+# The user / groups will be created dynamically and if the sysext image is
+# removed the entries will be removed as well.
+cros_post_src_install_add_userdb_record(){
+	insinto /usr/lib/userdb
+	newins - ${ACCT_GROUP_NAME}.group < <(
+		printf '{"groupName":"%q","gid":%q}\n' \
+			"${ACCT_GROUP_NAME}" \
+			"${_ACCT_GROUP_ID/#-*/-}"
+	)
+}

sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/lxc

@@ -0,0 +1,3 @@
+cros_pre_src_compile_pkgconfig() {
+	export PKG_CONFIG="$(tc-getPKG_CONFIG)"
+}