
package/aardvark-dns: new package

aardvark-dns is needed by netavark to provide cross-container DNS
resolving with Podman.

It is to be noted that netavark and aardvark-dns have to be updated in
lock-step [0].

Update the podman runtime test to validate this is working.

[0] https://github.com/containers/podman/blob/main/DISTRO_PACKAGE.md#networking-tools-netavark-aardvark-dns-passt

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Yann E. MORIN преди 4 месеца
родител
ревизия
b36475315b

+ 1 - 0
package/Config.in

@@ -2411,6 +2411,7 @@ menu "Miscellaneous"
 endmenu
 
 menu "Networking applications"
+	source "package/aardvark-dns/Config.in"
 	source "package/aircrack-ng/Config.in"
 	source "package/alfred/Config.in"
 	source "package/aoetools/Config.in"

+ 9 - 0
package/aardvark-dns/Config.in

@@ -0,0 +1,9 @@
+config BR2_PACKAGE_AARDVARK_DNS
+	bool "aardvark-dns"
+	depends on BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS
+	select BR2_PACKAGE_HOST_RUSTC
+	help
+	  Authoritative dns server for A/AAAA container records.
+	  Forwards other request to host's /etc/resolv.conf
+
+	  https://github.com/containers/aardvark-dns/

+ 3 - 0
package/aardvark-dns/aardvark-dns.hash

@@ -0,0 +1,3 @@
+# Locally computed
+sha256  bbd4a0b0bdf6788c09266f1f944d5c5397b6db4f1da0735a1d42738a6e074249  aardvark-dns-v1.14.0-git4-cargo2.tar.gz
+sha256  c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4  LICENSE

+ 15 - 0
package/aardvark-dns/aardvark-dns.mk

@@ -0,0 +1,15 @@
+################################################################################
+#
+# aardvark-dns
+#
+################################################################################
+
+# When updating the version here, also update netavark in lockstep
+AARDVARK_DNS_VERSION = v1.14.0
+AARDVARK_DNS_SITE = https://github.com/containers/aardvark-dns
+AARDVARK_DNS_SITE_METHOD = git
+
+AARDVARK_DNS_LICENSE = Apache-2.0
+AARDVARK_DNS_LICENSE_FILES = LICENSE
+
+$(eval $(cargo-package))
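Review bot: The new package declares no CPE identifier, so Buildroot's CVE matching (pkg-stats) may not associate published advisories with this DNS server, which answers queries from every container attached to a Podman network. If NVD has an entry for aardvark-dns, add the `AARDVARK_DNS_CPE_ID_*` variables next to the licence lines, e.g. `AARDVARK_DNS_CPE_ID_VENDOR = <vendor-from-NVD>`. Because `AARDVARK_DNS_VERSION` holds the tag name `v1.14.0`, an `AARDVARK_DNS_CPE_ID_VERSION` without the leading `v` is probably needed as well; both values have to be checked against the NVD dictionary before committing.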

+ 1 - 0
package/netavark/Config.in

@@ -2,6 +2,7 @@ config BR2_PACKAGE_NETAVARK
 	bool "netavark"
 	depends on BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS
 	select BR2_PACKAGE_HOST_RUSTC
+	select BR2_PACKAGE_AARDVARK_DNS  # runtime
 	select BR2_PACKAGE_IPTABLES if !BR2_PACKAGE_NFTABLES  # runtime
 	select BR2_PACKAGE_NFTABLES_JSON if BR2_PACKAGE_NFTABLES && !BR2_PACKAGE_IPTABLES
 	help

+ 1 - 0
package/netavark/netavark.mk

@@ -4,6 +4,7 @@
 #
 ################################################################################
 
+# When updating the version here, also update aardvark-dns in lockstep
 NETAVARK_VERSION = v1.14.0
 NETAVARK_SITE = https://github.com/containers/netavark
 NETAVARK_SITE_METHOD = git

+ 1 - 0
package/podman/podman.mk

@@ -101,6 +101,7 @@ PODMAN_POST_INSTALL_TARGET_HOOKS += PODMAN_CONFIG
 
 define PODMAN_HELPERS
 	$(Q)mkdir -p $(TARGET_DIR)/usr/libexec/podman
+	$(Q)ln -sf ../../bin/aardvark-dns $(TARGET_DIR)/usr/libexec/podman/aardvark-dns
 	$(Q)ln -sf ../../bin/netavark $(TARGET_DIR)/usr/libexec/podman/netavark
 	$(Q)ln -sf ../../bin/slirp4netns $(TARGET_DIR)/usr/libexec/podman/slirp4netns
 	$(PODMAN_HELPER_INIT)

+ 38 - 0
support/testing/tests/package/test_podman.py

@@ -166,6 +166,44 @@ class PodmanBase(infra.basetest.BRTest):
         output, _ = self.emulator.run('echo ${br_container}')
         self.assertEqual(output[0], "", "Still in a container")
 
+        # Test networking between two containers
+        self.assertRunOk("podman network create buz")
+        self.assertRunOk(
+            "podman container run --rm -ti --name pod007 --network buz --detach busybox:1.37.0",
+        )
+        self.assertRunOk(
+            "podman container run --rm -ti --name pod006 --network buz --detach busybox:1.37.0",
+        )
+        # Ensure each pod can resolv itself and the other
+        # (not using itertools.matrix() just for those trivial combinations)
+        for pod1, pod2 in [
+            ("pod006", "pod006"),
+            ("pod006", "pod007"),
+            ("pod007", "pod007"),
+            ("pod007", "pod006"),
+        ]:
+            output, exit_code = self.emulator.run(
+                f"podman container exec {pod1} nslookup {pod2}",
+            )
+            self.assertEqual(exit_code, 0)
+            self.assertTrue(output[0].startswith("Server:"))
+            self.assertTrue(output[1].startswith("Address:"))
+            # Busybox' nslookup emits one "Non-authoritative answer" per
+            # supported address familly: IPv4 and IPv6.
+            self.assertEqual(
+                len([line for line in output[2:] if line == "Non-authoritative answer:"]),
+                2,
+            )
+            # But only IPv4 is available on this network
+            self.assertEqual(
+                len([line for line in output[2:] if line.startswith("Address:")]),
+                1,
+            )
+        self.assertRunOk("podman container kill --all")
+        output, _ = self.emulator.run("podman container ls --format '{{ json }}'")
+        pod_info = json.loads("".join(output))
+        self.assertEqual(len(pod_info), 0, f"{len(pod_info)} container(s) still present, expecting 0")
+
         # Remove the offical image
         self.assertRunOk('podman image rm busybox:1.37.0')
         output, _ = self.emulator.run("podman image ls --format '{{ json }}'")
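Review bot: The nslookup loop only counts `Address:` lines in the answer section, so it would still pass if aardvark-dns returned the same, or a wrong, address for both names. Recording the answer per looked-up name, then asserting that `pod006` and `pod007` each resolve to a single address and that the two differ, would confirm the records really are per-container. The comment above the loop mentions `itertools.matrix()`, which does not exist; `itertools.product()` is presumably what was meant. The enclosing test method starts outside this hunk.

```python
        resolved = {}
        for pod1, pod2 in [
            # … unchanged: the four (pod1, pod2) combinations …
        ]:
            # … unchanged: nslookup run and the existing assertions …
            answers = [line.split()[-1] for line in output[2:] if line.startswith("Address:")]
            resolved.setdefault(pod2, set()).add(answers[0])
        # Every lookup of a given name must agree, and the two names must differ
        for name, addrs in resolved.items():
            self.assertEqual(len(addrs), 1, f"{name} resolved to {addrs}")
        self.assertNotEqual(resolved["pod006"], resolved["pod007"])
```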