From nobody Wed Nov 16 12:46:37 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NC2qK3JMkz4hq6C; Wed, 16 Nov 2022 12:46:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NC2qK2H3zz4KvF; Wed, 16 Nov 2022 12:46:37 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1668602797; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=g15lRl6TftqmbPLsN9g+bgdouaA5j0boDZbQzRn6HQ8=; b=uHTm1nA9ztFVu+FdAzeMo8RxkmOxlTAiItENb7w73s+WvLIxJ6/tak67T5beeIJWUo/j2t YBedsqYM3/RbuK+0jilkbkGjlHfsUTDv42BKNjh38OGPIHS4VmcKaqyvkPY8Os+ZQCLiR6 UIECyT7HNqY2HoxAd2xfyqYV/SYnwLT7dcEkLUzN6o3MhWgVW0XeYPIqoXK4NvkLYmwCVh 1TjDt46CxdoQ1x3DCETEocaj54aadpmmj35N+Z+Ys2SuGqd66Pa9xYtbx48yBuxar8xpOT b2obZd7IB97s88Od+h1j2vPb/MOr2nR72yUs6hio20G4QEKUsGNg9lXevZztxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1668602797; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=g15lRl6TftqmbPLsN9g+bgdouaA5j0boDZbQzRn6HQ8=; b=BvSdBjCkgUBx3PByYnBq3wQ9pA4lHADD5Qvuw/M4I1phrheNJ4PzyyZ28SCiqVQuolHAf/ M5pBlAN1AXhkZKUlbuJw/i5UNBdRNy/6+DM+eiMI19uKPdMkwRCfn/zg/HIKy5tO91rEY7 BNPU7RGpYSLMnTj5XmWHcpAtWcF9fafgenj0Jk9euK2f948EBmLgenWUji3KuYIlZliUbV Oace8D3nKoiszSzuaHB0/sGMHCArO8kEndk1tYlRXA02OgAUx9R2gAex60Em5UK39ovpPp J7QUXbh9yN06kElsHA2XcPA3r+ApqSS/IB68ykX9urS6rQ0hq3xccf50Vlnw0A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1668602797; a=rsa-sha256; cv=none; b=AKRdVVxdOXBoI/bq4bsg4yi41k66znoFlyE+UJ4CiglOekD3h1j8q3gtcaoORS0tKoMLVl koTRI/3A8LKYObwVCGvSj+yXKgxRiaTceA22zeq7y0oBD5gyC9Wq2kKNEDtaPgUxSRFmJt f8OuQ85Ywxv78kMthg0LcBB4A4zqiA6pvqIHSGj4mGr6YgKmgzbohyo8kdno7PVZJ3SKGX nSCJixFd6c3zdgodbfw4szDz+nRMlmFCHVE79QAYV2kBr6UbSckPJxX3W5UI8evjzKQako yuTzhRXMTJsB4zW2oq6Ept//+pqJYpXzFX772T2bYXn8Ksy8Khdkf44W5JBHPA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NC2qK1NLnz12SN; Wed, 16 Nov 2022 12:46:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2AGCkbQE051759; Wed, 16 Nov 2022 12:46:37 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2AGCkbqM051758; Wed, 16 Nov 2022 12:46:37 GMT (envelope-from git) Date: Wed, 16 Nov 2022 12:46:37 GMT Message-Id: <202211161246.2AGCkbqM051758@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Dave Cottlehuber Subject: git: f23ec277674d - main - net/containernetworking-plugins: new port List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: dch X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f23ec277674d443fdafb42abb19b4679daa27553 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by dch: URL: https://cgit.FreeBSD.org/ports/commit/?id=f23ec277674d443fdafb42abb19b4679daa27553 commit f23ec277674d443fdafb42abb19b4679daa27553 Author: Doug Rabson AuthorDate: 2022-11-16 12:46:30 +0000 Commit: Dave Cottlehuber CommitDate: 2022-11-16 12:46:30 +0000 net/containernetworking-plugins: new port CNI plugins for container networking support PR: 267184 Reviewed by: arrowd Reviewed by: dch Sponsored by: SkunkWerks, GmbH Differential Revision: https://reviews.freebsd.org/D37324 --- net/Makefile | 1 + net/containernetworking-plugins/Makefile | 28 ++++++++++++++++++++++ net/containernetworking-plugins/distinfo | 3 +++ .../files/pf.conf.sample | 8 +++++++ net/containernetworking-plugins/pkg-descr | 3 +++ net/containernetworking-plugins/pkg-message | 8 +++++++ net/containernetworking-plugins/pkg-plist | 8 +++++++ 7 files changed, 59 insertions(+) diff --git a/net/Makefile b/net/Makefile index b5af4861faa8..d4b8d07ce39a 100644 --- a/net/Makefile +++ b/net/Makefile @@ -87,6 +87,7 @@ SUBDIR += clusterit SUBDIR += cnd SUBDIR += concourse-fly + SUBDIR += containernetworking-plugins SUBDIR += corkscrew SUBDIR += corosync2 SUBDIR += corosync3 diff --git a/net/containernetworking-plugins/Makefile b/net/containernetworking-plugins/Makefile new file mode 100644 index 000000000000..f0e11c9ead4f --- /dev/null +++ b/net/containernetworking-plugins/Makefile @@ -0,0 +1,28 @@ +PORTNAME= containernetworking-plugins +DISTVERSION= 0.1 +CATEGORIES= net + +MAINTAINER= dfr@FreeBSD.org +COMMENT= Networking plugins for container networking support +WWW= https://www.cni.dev/ + +LICENSE= GPLv2 + +USES= go:no_targets +BUILD_DEPENDS= bash:shells/bash + +USE_GITHUB= yes +GH_ACCOUNT= dfr +GH_PROJECT= plugins +GH_TAGNAME= 60b0a2b + +do-build: + cd ${WRKSRC} && ${SETENV} XDG_CACHE_HOME=${WRKDIR}/.cache GO=${GO_CMD} ./build_freebsd.sh + +do-install: + ${MKDIR} ${STAGEDIR}${PREFIX}/libexec/cni + ${MKDIR} ${STAGEDIR}${PREFIX}/etc/containers + cd ${WRKSRC} && ${INSTALL_PROGRAM} bin/* ${STAGEDIR}${PREFIX}/libexec/cni + ${INSTALL_DATA} files/pf.conf.sample ${STAGEDIR}${PREFIX}/etc/containers + +.include diff --git a/net/containernetworking-plugins/distinfo b/net/containernetworking-plugins/distinfo new file mode 100644 index 000000000000..2e328f4fd663 --- /dev/null +++ b/net/containernetworking-plugins/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1667064085 +SHA256 (dfr-plugins-0.1-60b0a2b_GH0.tar.gz) = e2eb2a6ec6209b4cd08ebd53b104fe1d0edafb3d3473c8450e60a69e3c509399 +SIZE (dfr-plugins-0.1-60b0a2b_GH0.tar.gz) = 4197131 diff --git a/net/containernetworking-plugins/files/pf.conf.sample b/net/containernetworking-plugins/files/pf.conf.sample new file mode 100644 index 000000000000..9d4ec5e2b414 --- /dev/null +++ b/net/containernetworking-plugins/files/pf.conf.sample @@ -0,0 +1,8 @@ +# Change this to the interface with the default route +egress_if = "ix0" + +nat on $egress_if inet from to any -> ($egress_if) +nat on $egress_if inet6 from to !ff00::/8 -> ($egress_if) + +rdr-anchor "cni-rdr/*" +table diff --git a/net/containernetworking-plugins/pkg-descr b/net/containernetworking-plugins/pkg-descr new file mode 100644 index 000000000000..cc57e1bcaf5c --- /dev/null +++ b/net/containernetworking-plugins/pkg-descr @@ -0,0 +1,3 @@ +CNI plugins for container networking support. This is used by +container engines such as podman and buildah to setup and teardown +network access for containers. diff --git a/net/containernetworking-plugins/pkg-message b/net/containernetworking-plugins/pkg-message new file mode 100644 index 000000000000..55be0dfff490 --- /dev/null +++ b/net/containernetworking-plugins/pkg-message @@ -0,0 +1,8 @@ +Container networking relies on NAT to allow container network packets +out to the host's network. This requires a PF firewall to perform the +translation. A simple example is included - to use it: + +# cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf +... edit /etc/pf.conf and set egress_if to your network interface ... +# sysrc pf_enable=YES +# service pf start diff --git a/net/containernetworking-plugins/pkg-plist b/net/containernetworking-plugins/pkg-plist new file mode 100644 index 000000000000..2add69f1465e --- /dev/null +++ b/net/containernetworking-plugins/pkg-plist @@ -0,0 +1,8 @@ +etc/containers/pf.conf.sample +libexec/cni/bridge +libexec/cni/firewall +libexec/cni/host-local +libexec/cni/loopback +libexec/cni/portmap +libexec/cni/static +libexec/cni/tuning