meta-container-deploy

Yocto/OpenEmbedded layer for declarative Podman container support with build-time image pulling and systemd Quadlet integration. meta-container-deploy provides BitBake classes and recipes to: 1. Pull container images at build time using skopeo-native and include them in the rootfs 2. Generate Podman Quadlet files (.container units) for declarative systemd service management 3. Define containers declaratively via YAML/JSON manifests or BitBake variables This enables reproducible, air-gapped container deployments for embedded Linux systems. Features: - Build-time container image pulling - Images are pulled during bitbake using skopeo-native - OCI format storage - Images stored in standard OCI layout for portability - Podman Quadlet integration - Modern declarative systemd container management - Pod support - Group containers into pods for shared network namespace and atomic lifecycle - Network definitions - Create named Podman networks via Quadlet .network files with configurable drivers, subnets, and options - Network aliases - DNS discovery within networks via --network-alias for container-to-container communication - Architecture mapping - Automatic TARGET_ARCH to OCI architecture conversion - Private registry support - Authentication via Docker config.json, custom TLS certificates - Dependency management - Container service ordering via systemd dependencies - Security options - Capabilities, security labels, read-only rootfs support - Image verification - Post-pull OCI structure validation (default) and optional pre-pull registry checks - SBOM/Provenance support - Automatic digest resolution with OCI labels extraction for Software Bill of Materials - Rootfs auto-expansion - Automatically expand root filesystem to full storage capacity on first boot (ideal for SD card deployments)

Git repository

https://github.com/technosec-dev/meta-container-deploy.git web repo

Last commit: 1 month, 2 weeks ago (scarthgap branch)

Maintainer

• Marco Pennelli email