unofficial mirror of guix-patches@gnu.org 
From: Tomas Volf <~@wolfsden.cz>
To: 70112@debbugs.gnu.org
Cc: Tomas Volf <~@wolfsden.cz>
Subject: [bug#70112] [PATCH 09/11] gnu: podman: Revamp the package.
Date: Sun, 31 Mar 2024 20:35:06 +0200
Message-ID: <b61c04a17521934cce1a49f7420443785e7158b6.1711909824.git.~@wolfsden.cz>
In-Reply-To: <cover.1711909824.git.~@wolfsden.cz>

Substantial rework of the podman package.  The source is no longer patched (at
all) and all necessary modifications were moved into wrap-program and phases.

Not everything is supported out of the box, but the description mentions what
packages to install to get additional functionality working.

* gnu/packages/containers.scm (podman)[source]: Remove snippet and patches.
[arguments]<#:make-flags>: Add HELPER_BINARIES_DIR.  Add GOMD2MAN to actually
use go-github-com-go-md2man package instead of the bundled version.
<#:imported-modules>: Add (guix build go-build-system).
<#:phases>{'set-env}: Set `CC' as an environment variable due to bug in make
before 4.4.
{'fix-hardcoded-paths}: Remove everything except patching `libexec' and `lib'
locations.
{'symlink-helpers}: New phase symlinking tools not discoverable via $PATH into
one directory (`HELPER_BINARIES_DIR').
{'wrap-podman}: New phase wrapping `podman' to set correct $PATH.
{'remove-go-references}: New phase stripping references to the golang
toolchain from the binaries.
[inputs]: Remove no longer needed cni-plugins, slirp4netns.  Remove referenced
in 'wrap-podman conmon, crun, iptables, passt.  Move go-github-com-go-md2man
into native-inputs.  Add bash-minimal.
[native-inputs]: Add custom grep with supported -P.  Use newer go.  Add
mandoc.
[description]: Explain how to get `podman compose' and `podman machine'
working.
* gnu/packages/patches/podman-program-lookup.patch: Delete file.

Change-Id: Ifc28971a68751831d781517b041eec951a617087
---
 gnu/local.mk                                  |   1 -
 gnu/packages/containers.scm                   | 119 ++++++++++-------
 .../patches/podman-program-lookup.patch       | 120 ------------------
 3 files changed, 74 insertions(+), 166 deletions(-)
 delete mode 100644 gnu/packages/patches/podman-program-lookup.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index f2b480bded..7056d4fdbc 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1804,7 +1804,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/plasp-fix-normalization.patch \
   %D%/packages/patches/plasp-include-iostream.patch \
   %D%/packages/patches/pocketfft-cpp-prefer-preprocessor-if.patch			\
-  %D%/packages/patches/podman-program-lookup.patch 		\
   %D%/packages/patches/pokerth-boost.patch			\
   %D%/packages/patches/ppsspp-disable-upgrade-and-gold.patch		\
   %D%/packages/patches/procps-strtod-test.patch                 \
diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm
index 992ef82d3f..abd403af34 100644
--- a/gnu/packages/containers.scm
+++ b/gnu/packages/containers.scm
@@ -44,10 +44,13 @@ (define-module (gnu packages containers)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages glib)
+  #:use-module (gnu packages gcc)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages golang)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages man)
+  #:use-module (gnu packages pcre)
   #:use-module (gnu packages python)
   #:use-module (gnu packages networking)
   #:use-module (gnu packages pkg-config)
@@ -449,84 +452,104 @@ (define-public podman
        (uri (git-reference
              (url "https://github.com/containers/podman")
              (commit (string-append "v" version))))
-       (modules '((guix build utils)))
-       ;; FIXME: Btrfs libraries not detected by these scripts.
-       (snippet '(substitute* "Makefile"
-                   ((".*hack/btrfs.*") "")))
-       (patches
-        (search-patches
-         "podman-program-lookup.patch"))
        (sha256
         (base32 "0g15m10mgwssw5axkyn2ms5k858dbc6vf3cbxv7hvdncgwnfk5f0"))
        (file-name (git-file-name name version))))
-
     (build-system gnu-build-system)
     (arguments
      (list
       #:make-flags
-      #~(list #$(string-append "CC=" (cc-for-target))
-              (string-append "PREFIX=" #$output))
+      #~(list (string-append "CC=" #$(cc-for-target))
+              (string-append "PREFIX=" #$output)
+              (string-append "HELPER_BINARIES_DIR=" #$output "/_guix")
+              (string-append "GOMD2MAN="
+                             #$go-github-com-go-md2man "/bin/go-md2man"))
       #:tests? #f                  ; /sys/fs/cgroup not set up in guix sandbox
       #:test-target "test"
+      #:imported-modules
+      (source-module-closure `(,@%gnu-build-system-modules
+                               (guix build go-build-system)))
       #:phases
       #~(modify-phases %standard-phases
           (delete 'configure)
           (add-after 'unpack 'set-env
-            (lambda* (#:key inputs #:allow-other-keys)
-              ;; when running go, things fail because
-              ;; HOME=/homeless-shelter.
-              (setenv "HOME" "/tmp")))
+            (lambda _
+              ;; When running go, things fail because HOME=/homeless-shelter.
+              (setenv "HOME" "/tmp")
+              ;; Required for detecting btrfs in hack/btrfs* due to bug in GNU
+              ;; Make <4.4 causing CC not to be propagated into $(shell ...)
+              ;; calls.  Can be removed once we update to >4.3.
+              (setenv "CC" #$(cc-for-target))))
           (replace 'check
             (lambda* (#:key tests? #:allow-other-keys)
               (when tests?
-                ;; (invoke "strace" "-f" "bin/podman" "version")
                 (invoke "make" "localsystem")
                 (invoke "make" "remotesystem"))))
           (add-after 'unpack 'fix-hardcoded-paths
             (lambda _
-              (substitute* "vendor/github.com/containers/common/pkg/config/config.go"
-                (("@SLIRP4NETNS_DIR@")
-                 (string-append #$slirp4netns "/bin"))
-                (("@PASST_DIR@")
-                 (string-append #$passt "/bin"))
-                (("@NETAVARK_DIR@")
-                 (string-append #$netavark "/bin")))
-              (substitute* "hack/install_catatonit.sh"
-                (("CATATONIT_PATH=\"[^\"]+\"")
-                 (string-append "CATATONIT_PATH=" (which "true"))))
               (substitute* "vendor/github.com/containers/common/pkg/config/config_linux.go"
                 (("/usr/local/libexec/podman")
                  (string-append #$output "/libexec/podman"))
                 (("/usr/local/lib/podman")
-                 (string-append #$output "/bin")))
-              (substitute* "vendor/github.com/containers/common/pkg/config/default.go"
-                (("/usr/libexec/podman/conmon") (which "conmon"))
-                (("/usr/local/libexec/cni")
-                 (string-append #$(this-package-input "cni-plugins")
-                                "/bin"))
-                (("/usr/bin/crun") (which "crun")))))
+                 (string-append #$output "/bin")))))
+          (add-after 'install 'symlink-helpers
+            (lambda _
+              (mkdir-p (string-append #$output "/_guix"))
+              (for-each
+               (lambda (what)
+                 (symlink (string-append (car what) "/bin/" (cdr what))
+                          (string-append #$output "/_guix/" (cdr what))))
+               ;; Only tools that cannot be discovered via $PATH are
+               ;; symlinked.  Rest is handled in the 'wrap-podman phase.
+               `((#$aardvark-dns     . "aardvark-dns")
+                 ;; Required for podman-machine, which is *not* supported out
+                 ;; of the box.  But it cannot be discovered via $PATH, so
+                 ;; there is no other way for the user to install it.  It
+                 ;; costs ~10MB, so let's leave it here.
+                 (#$gvisor-tap-vsock . "gvproxy")
+                 (#$netavark         . "netavark")))))
+          (add-after 'install 'wrap-podman
+            (lambda _
+              (wrap-program (string-append #$output "/bin/podman")
+                `("PATH" suffix
+                  (,(string-append #$catatonit      "/bin")
+                   ,(string-append #$conmon         "/bin")
+                   ,(string-append #$crun           "/bin")
+                   ,(string-append #$gcc            "/bin") ; cpp
+                   ,(string-append #$iptables       "/sbin")
+                   ,(string-append #$passt          "/bin")
+                   ,(string-append #$procps         "/bin") ; ps
+                   "/run/setuid-programs")))))
+          (add-after 'install 'remove-go-references
+            (lambda* (#:key inputs #:allow-other-keys)
+              (let ((go (assoc-ref inputs "go")))
+                (for-each
+                 (lambda (file)
+                   (when (executable-file? file)
+                     ((@@ (guix build go-build-system) remove-store-reference)
+                      file go)))
+                 (append (find-files (string-append #$output "/bin"))
+                         (find-files (string-append #$output "/libexec"))
+                         (find-files (string-append #$output "/lib")))))))
           (add-after 'install 'install-completions
             (lambda _
               (invoke "make" "install.completions"
                       (string-append "PREFIX=" #$output)))))))
     (inputs
-     (list btrfs-progs
-           cni-plugins
-           conmon
-           crun
+     (list bash-minimal
+           btrfs-progs
            gpgme
-           go-github-com-go-md2man
-           iptables
            libassuan
            libseccomp
-           libselinux
-           passt
-           slirp4netns))
+           libselinux))
     (native-inputs
-     (list bats
+     (list (package/inherit grep
+             (inputs (list pcre2)))     ; Drop once grep on master supports -P
+           bats
            git
            go-1.21
-           ; strace ; XXX debug
+           go-github-com-go-md2man
+           mandoc
            pkg-config
            python))
     (home-page "https://podman.io")
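Review bot: in 'wrap-podman the store directories are appended to PATH with `suffix`, so a `conmon`, `crun` or `iptables` that appears earlier in the caller's PATH is run in place of the version this package was built against. If letting the user's profile override these helpers is intended, say so in a comment next to the `wrap-program` call; otherwise use `prefix` for the store entries so the pinned versions win. Separately, 'remove-go-references reaches its helper through `(@@ (guix build go-build-system) remove-store-reference)`, which ties this package to an internal binding of go-build-system; exporting that procedure there would make the dependency explicit.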
@@ -536,8 +559,14 @@ (define-public podman
 volumes mounted into those containers, and pods made from groups of
 containers.
 
-The @code{machine} subcommand is not supported due to gvproxy not being
-packaged.")
+Not all commands are working out of the box due to requiring additional
+binaries to be present in the $PATH.
+
+To get @code{podman compose} working, install either @code{podman-compose} or
+@code{docker-compose} packages.
+
+To get @code{podman machine} working, install @code{qemu-minimal}, and
+@code{openssh} packages.")
     (license license:asl2.0)))
 
 (define-public podman-compose
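Review bot: the added description lines write `$PATH` as plain text and leave a stray comma in `install @code{qemu-minimal}, and @code{openssh} packages`. Mark the variable up as `@env{PATH}` and drop the comma so the rendered description reads cleanly. Since 'symlink-helpers now ships gvproxy, it would also help to say here that only qemu and ssh are missing for `podman machine`, which is what the comment in that phase already explains.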
diff --git a/gnu/packages/patches/podman-program-lookup.patch b/gnu/packages/patches/podman-program-lookup.patch
deleted file mode 100644
index 27a9421285..0000000000
--- a/gnu/packages/patches/podman-program-lookup.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From 914aed3e04f71453fbdc30f4287e13ca3ce63a36 Mon Sep 17 00:00:00 2001
-From: Tomas Volf <~@wolfsden.cz>
-Date: Wed, 14 Feb 2024 20:02:03 +0100
-Subject: [PATCH] Modify search for binaries to fit Guix model
-
-Podman basically looked into the $PATH and into its libexec.  That does not fit
-Guix's model very well, to an additional option to specify additional
-directories during compilation was added.
-
-* pkg/rootless/rootless_linux.go
-(tryMappingTool): Also check /run/setuid-programs.
-* vendor/github.com/containers/common/pkg/config/config.go
-(extraGuixDir): New function.
-(FindHelperBinary): Use it.
-* vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
-(guixLookupSetuidPath): New function.
-(Start): Use it.
----
- pkg/rootless/rootless_linux.go                |  3 +++
- .../containers/common/pkg/config/config.go    | 23 +++++++++++++++++++
- .../storage/pkg/unshare/unshare_linux.go      | 14 +++++++++--
- 3 files changed, 38 insertions(+), 2 deletions(-)
-
-diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
-index d303c8b..0191d90 100644
---- a/pkg/rootless/rootless_linux.go
-+++ b/pkg/rootless/rootless_linux.go
-@@ -102,6 +102,9 @@ func tryMappingTool(uid bool, pid int, hostID int, mappings []idtools.IDMap) err
- 		idtype = "setgid"
- 	}
- 	path, err := exec.LookPath(tool)
-+	if err != nil {
-+		path, err = exec.LookPath("/run/setuid-programs/" + tool)
-+	}
- 	if err != nil {
- 		return fmt.Errorf("command required for rootless mode with multiple IDs: %w", err)
- 	}
-diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
-index 75b917f..ed2f131 100644
---- a/vendor/github.com/containers/common/pkg/config/config.go
-+++ b/vendor/github.com/containers/common/pkg/config/config.go
-@@ -1102,6 +1102,24 @@ func findBindir() string {
- 	return bindirCached
- }
- 
-+func extraGuixDir(bin_name string) string {
-+	if (bin_name == "slirp4netns") {
-+		return "@SLIRP4NETNS_DIR@";
-+	} else if (bin_name == "pasta") {
-+		return "@PASST_DIR@";
-+	} else if (strings.HasPrefix(bin_name, "qemu-")) {
-+		return "@QEMU_DIR@";
-+	} else if (bin_name == "gvproxy") {
-+		return "@GVPROXY_DIR@";
-+	} else if (bin_name == "netavark") {
-+		return "@NETAVARK_DIR@";
-+	} else if (bin_name == "aardvark-dns") {
-+		return "@AARDVARK_DNS_DIR@";
-+	} else {
-+		return "";
-+	}
-+}
-+
- // FindHelperBinary will search the given binary name in the configured directories.
- // If searchPATH is set to true it will also search in $PATH.
- func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) {
-@@ -1109,6 +1127,11 @@ func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error)
- 	bindirPath := ""
- 	bindirSearched := false
- 
-+	if dir := extraGuixDir(name); dir != "" {
-+		/* If there is a Guix dir, skip the PATH search. */
-+		dirList = append([]string{dir}, dirList...)
-+	}
-+
- 	// If set, search this directory first. This is used in testing.
- 	if dir, found := os.LookupEnv("CONTAINERS_HELPER_BINARY_DIR"); found {
- 		dirList = append([]string{dir}, dirList...)
-diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
-index a8dc1ba..0b0d755 100644
---- a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
-+++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
-@@ -26,6 +26,16 @@ import (
- 	"github.com/syndtr/gocapability/capability"
- )
- 
-+func guixLookupSetuidPath(prog string) (string, error) {
-+	path, err := exec.LookPath(prog)
-+	if err != nil {
-+		path, err = exec.LookPath("/run/setuid-programs/" + prog)
-+	}
-+	return path, err
-+}
-+
-+
-+
- // Cmd wraps an exec.Cmd created by the reexec package in unshare(), and
- // handles setting ID maps and other related settings by triggering
- // initialization code in the child.
-@@ -237,7 +247,7 @@ func (c *Cmd) Start() error {
- 			gidmapSet := false
- 			// Set the GID map.
- 			if c.UseNewgidmap {
--				path, err := exec.LookPath("newgidmap")
-+				path, err := guixLookupSetuidPath("newgidmap")
- 				if err != nil {
- 					return fmt.Errorf("finding newgidmap: %w", err)
- 				}
-@@ -297,7 +307,7 @@ func (c *Cmd) Start() error {
- 			uidmapSet := false
- 			// Set the UID map.
- 			if c.UseNewuidmap {
--				path, err := exec.LookPath("newuidmap")
-+				path, err := guixLookupSetuidPath("newuidmap")
- 				if err != nil {
- 					return fmt.Errorf("finding newuidmap: %w", err)
- 				}
--- 
-2.41.0
-
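Review bot: with this file gone, the /run/setuid-programs fallback for newuidmap and newgidmap (the `guixLookupSetuidPath` and `tryMappingTool` changes) no longer lives in the Go code, and the only replacement visible in this patch is the "/run/setuid-programs" entry in the PATH suffix of the wrapper around bin/podman. The commit log should state that the wrapper is now the sole source of that lookup, and confirm that no other installed executable under bin, libexec or lib, which are not wrapped, reaches these code paths. The same applies to the `qemu-` branch of `extraGuixDir`, which has no counterpart in 'symlink-helpers and is covered only by the description telling users to install qemu-minimal.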
-- 
2.41.0




