From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id aDOTHGtNPWZdQAEAqHPOHw:P1 (envelope-from ) for ; Fri, 10 May 2024 00:25:47 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id aDOTHGtNPWZdQAEAqHPOHw (envelope-from ) for ; Fri, 10 May 2024 00:25:47 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=wolfsden.cz header.s=mail header.b=JbwzjN0l; dkim=fail ("headers rsa verify failed") header.d=wolfsden.cz header.s=mail header.b=qjA2g+W+; dmarc=fail reason="SPF not aligned (relaxed)" header.from=wolfsden.cz (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1715293547; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=UhEohPhomsWYAr9t+fLbV8BaAMh1u0087a4OP6SdHaY=; b=SHQfOKc8acv+EvmPv3t2S4yU58ZeGL89WCuf1WH65jL5ws4OEBLX1npWe2+7znfAq2ejrD OK7muAAXNK4G4a+zPZK3jCXOwiEkQs6zSBJyGLVw18Kt/Gxee/h50RYUfTpS2MhF8oTuEY AuQC22g92qDGqoP1GGkivX3PS0lZTnoHyL8ssID316loAWNIBJ1Nyrkky39G3EZUZzD9Xc 46/GFINytL/f1LgHy5opZrhA7IR4UZFoIcNRA1qgQ0pZZHAFW2Zw4HSHR8Tlcqa6+gnQ7L RoKXcQkpEEkme2FJ07ntK1JazolUt7ZNAdRhKNr/hw9stTfw/OJqsUShuKdLbQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1715293547; a=rsa-sha256; cv=none; b=l1DxEMb83P4tJJM77eGK+bTW2gH5VyLm/OQAvs3hQiWG6cKZqK2kaDPTDlZqO7ADb2IDKy E2YB0hMVFrda5nOm73l7u2F6DupIuIUOrVLiRm2/OyRgSWLnob0exsOADm0+nJCp0Xf6RB tR7z6mtoRXo27mnaPXi/v4acai9aLpQSKh15NLqe9ra59rZmdlYIArmXDYm+Qun4ird4EF LqjlEh00g6333bgBxhVFPrBEGf7DsP4KGLavIONRm8RoQh7HMKQHTXKttg8mqP9ugJ0U82 M+VmFWo90YHERNbkrXoECwChfAF/cjEP9nfbB+NXf1GIiJmeUZbGUM3Tpb4fFQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=wolfsden.cz header.s=mail header.b=JbwzjN0l; dkim=fail ("headers rsa verify failed") header.d=wolfsden.cz header.s=mail header.b=qjA2g+W+; dmarc=fail reason="SPF not aligned (relaxed)" header.from=wolfsden.cz (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C73705663 for ; Fri, 10 May 2024 00:25:46 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1s5CCM-0002rd-VX; Thu, 09 May 2024 18:25:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1s5CCK-0002qR-KJ for guix-patches@gnu.org; Thu, 09 May 2024 18:25:08 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1s5CCK-0006px-9x for guix-patches@gnu.org; Thu, 09 May 2024 18:25:08 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1s5CCI-0002Am-Jt for guix-patches@gnu.org; Thu, 09 May 2024 18:25:06 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70112] [PATCH v2 09/11] gnu: podman: Revamp the package. Resent-From: Tomas Volf <~@wolfsden.cz> Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 09 May 2024 22:25:06 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70112 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70112@debbugs.gnu.org Cc: Tomas Volf <~@wolfsden.cz> Received: via spool by 70112-submit@debbugs.gnu.org id=B70112.17152934558259 (code B ref 70112); Thu, 09 May 2024 22:25:06 +0000 Received: (at 70112) by debbugs.gnu.org; 9 May 2024 22:24:15 +0000 Received: from localhost ([127.0.0.1]:40960 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s5CBS-000293-Nf for submit@debbugs.gnu.org; Thu, 09 May 2024 18:24:15 -0400 Received: from wolfsden.cz ([37.205.8.62]:47506) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1s5CBM-00028N-7L for 70112@debbugs.gnu.org; Thu, 09 May 2024 18:24:09 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 45A4D2835F1; Thu, 9 May 2024 22:24:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1715293449; bh=SmWJdi8UWFPZO+bEikvp0vAW1XmfBo+co5QwmEAc+q8=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=JbwzjN0lsTikKy/60eSehTOQpn0xYdws3lzH8X1AVcgQC6xVrcwkrIBLFvU6NilwY TAomKbCF14omvWwn5PShYwBUuG+9/VuY3lW53lkwgI3zQctAF0UaMm03s1/0p1T7kZ mgUZkmKRZposS/DFiInNptb9QnXqONTopLxQBVZLXGdp6d3XyLh2DJOLfVYgNVKYuh Oy1IcVcgK+QFiRTp0U2yKgwcX7bE5pEwX1Js1I7K0/SG7Czq1cnbQd70IhMWk9iEb/ XJC4FnIeOgkk9jaRTzz+hELYhMtDzyqLi9QMQ7mEnf8OhaTGNYf1pDsI8Wqvhg4IDc gZpmeLLmC4sg9PNs7M3o3DcCANR/ViYSroZ8ShASZ9kJcvpin+8BEXIxzPC/fRn7uG i3lVbwbr/Xl9SNESUEMbhgDduDHrHRmLrh1Z9uVyKiHBNBDj3PSdqwJ4rDzo6ICrUh E/9tIhBcbwDYoGxEcmK/zlAQIeolAd8Xa61cALdMUJSSSCcsqen8wLUDvugYYlGut/ kJMzU9Qzgd8+XGZd4+dGHngoERJmklPWB0FOEF8+vfDLd/zi5iWrt76RVmDSRN1N8p S7Ceqh/eLaaRPhbJMXQnj+x5P1LP0/L8isKYnfu+4sgzed/ZC23PDQ2aEXHjv36PYi 3TrbkhDCLzO2rBdHBH0U+Z5A= Received: from localhost (unknown [146.70.134.143]) by wolfsden.cz (Postfix) with ESMTPSA id B20722876B7; Thu, 9 May 2024 22:24:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1715293447; bh=SmWJdi8UWFPZO+bEikvp0vAW1XmfBo+co5QwmEAc+q8=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=qjA2g+W+wjCfCeX+vKJ5LRDnGudwaMytVyUg+SttTSNIkXDZRi+AbNZTDLfduJ19v 9MEf3ml7niR4w79wo8lOWGBzFE0dwqRvzmKzx5U/Ox0qPbEgkhqZES+3Bo1x3nw+dz boCJakCZ6hCy1mB5Q57DHFnd3aeTY+jYVAgKvqXrIK/QntfEKoKAfdqFRskDqWkiwr ATsr7BCUNM6gG+UievS8aaV926yciL30q0nZ4R6C569Bp9caCd3dXT5a0094JVd68j y/NvFl0TtE09dgEpE9Rh8CMfelgBvlpb3rf9MEylvzqixArB3hNPQX4fIhEAPKbgNm ftDL42w/Rd9NUjWSmhknKleVAZBmSaihD63srJ+an8qtG/0zmQQROL9e4WRrW/XIrT mNJh20Ma7PAO9IzvmU1YtP1TpztqL3wNZke1p88ZgmJr1G3m005NjAnOUlbgjUwl3z J1/TtsmE6XTFAFppujj/NYmrtp7XkqiWJOolOlQWQYi3yNUdz90AfLKM/4atqf93N5 7AzPLeWcmmM2gO5sBTvUSvTw49kU80DHh3AoGiH2jEXiTqv3b2yjVg94a0b4gJ8X0I Rz+TkQf1D/FcKXQVWnXZ2PAKaisSQBjLlud2k6pF80nkwLAk21tIyuXlx9alFuQjpn wiEixh7Jvh6BaGsHzEdXAVzw= From: Tomas Volf <~@wolfsden.cz> Date: Fri, 10 May 2024 00:23:12 +0200 Message-ID: <05152041d295556cb113eb4462252795005e10a6.1715293394.git.~@wolfsden.cz> X-Mailer: git-send-email 2.41.0 In-Reply-To: <4554ead7e7440610c700ba6d5403489f95cfdf80.1715293394.git.~@wolfsden.cz> References: <4554ead7e7440610c700ba6d5403489f95cfdf80.1715293394.git.~@wolfsden.cz> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -0.79 X-Spam-Score: -0.79 X-Migadu-Queue-Id: C73705663 X-Migadu-Scanner: mx11.migadu.com X-TUID: C01XGmbM6oAs Substantial rework of the podman package. The source is no longer patched (at all) and all necessary modifications were moved into wrap-program and phases. Not everything is supported out of the box, but description mentions what packages to install to get additional functionality working. * gnu/packages/containers.scm (podman)[source]: Remove snippet and patches. [arguments]<#:make-flags>: Add HELPER_BINARIES_DIR. Add GOMD2MAN to actually use go-github-com-go-md2man package instead of the bundled version. <#:imported-modules>: Add (guix build go-build-system). <#:phases>{'set-env}: Set `CC' as an environment variable due to bug in make before 4.4. {'fix-hardcoded-paths}: Remove everything except patching `libexec' and `lib' locations. {'symlink-helpers}: New phase symlinking tools not discoverable via $PATH into one directory (`HELPER_BINARIES_DIR'). {'wrap-podman}: New phase wrapping `podman' to set correct $PATH. {'remove-go-references}: New phase stripping references to the golang toolchain from the binaries. [inputs]: Remove no longer needed cni-plugins, slirp4netns. Remove referenced in 'wrap-podman conmon, crun, iptables, passt. Move go-github-com-go-md2man into native-inputs. Add bash-minimal. [native-inputs]: Add custom grep with supported -P. Use newer go. Add mandoc. [description]: Explain how to get `podman compose' and `podman machine' working. * gnu/packages/patches/podman-program-lookup.patch: Delete file. Change-Id: Ifc28971a68751831d781517b041eec951a617087 --- gnu/local.mk | 1 - gnu/packages/containers.scm | 119 ++++++++++------- .../patches/podman-program-lookup.patch | 120 ------------------ 3 files changed, 74 insertions(+), 166 deletions(-) delete mode 100644 gnu/packages/patches/podman-program-lookup.patch diff --git a/gnu/local.mk b/gnu/local.mk index 439fe587b0..fc14c98197 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1810,7 +1810,6 @@ dist_patch_DATA = \ %D%/packages/patches/plasp-fix-normalization.patch \ %D%/packages/patches/plasp-include-iostream.patch \ %D%/packages/patches/pocketfft-cpp-prefer-preprocessor-if.patch \ - %D%/packages/patches/podman-program-lookup.patch \ %D%/packages/patches/pokerth-boost.patch \ %D%/packages/patches/ppsspp-disable-upgrade-and-gold.patch \ %D%/packages/patches/procps-strtod-test.patch \ diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm index 517eba45d9..d0bec87fe8 100644 --- a/gnu/packages/containers.scm +++ b/gnu/packages/containers.scm @@ -44,10 +44,13 @@ (define-module (gnu packages containers) #:use-module (gnu packages check) #:use-module (gnu packages compression) #:use-module (gnu packages glib) + #:use-module (gnu packages gcc) #:use-module (gnu packages gnupg) #:use-module (gnu packages golang) #:use-module (gnu packages guile) #:use-module (gnu packages linux) + #:use-module (gnu packages man) + #:use-module (gnu packages pcre) #:use-module (gnu packages python) #:use-module (gnu packages networking) #:use-module (gnu packages pkg-config) @@ -449,84 +452,104 @@ (define-public podman (uri (git-reference (url "https://github.com/containers/podman") (commit (string-append "v" version)))) - (modules '((guix build utils))) - ;; FIXME: Btrfs libraries not detected by these scripts. - (snippet '(substitute* "Makefile" - ((".*hack/btrfs.*") ""))) - (patches - (search-patches - "podman-program-lookup.patch")) (sha256 (base32 "0x8npz0i3dyiaw30vdlb5n8kiaflgjqnrdbdk0yn5zgf5k1jlb7i")) (file-name (git-file-name name version)))) - (build-system gnu-build-system) (arguments (list #:make-flags - #~(list #$(string-append "CC=" (cc-for-target)) - (string-append "PREFIX=" #$output)) + #~(list (string-append "CC=" #$(cc-for-target)) + (string-append "PREFIX=" #$output) + (string-append "HELPER_BINARIES_DIR=" #$output "/_guix") + (string-append "GOMD2MAN=" + #$go-github-com-go-md2man "/bin/go-md2man")) #:tests? #f ; /sys/fs/cgroup not set up in guix sandbox #:test-target "test" + #:imported-modules + (source-module-closure `(,@%gnu-build-system-modules + (guix build go-build-system))) #:phases #~(modify-phases %standard-phases (delete 'configure) (add-after 'unpack 'set-env - (lambda* (#:key inputs #:allow-other-keys) - ;; when running go, things fail because - ;; HOME=/homeless-shelter. - (setenv "HOME" "/tmp"))) + (lambda _ + ;; When running go, things fail because HOME=/homeless-shelter. + (setenv "HOME" "/tmp") + ;; Required for detecting btrfs in hack/btrfs* due to bug in GNU + ;; Make <4.4 causing CC not to be propagated into $(shell ...) + ;; calls. Can be removed once we update to >4.3. + (setenv "CC" #$(cc-for-target)))) (replace 'check (lambda* (#:key tests? #:allow-other-keys) (when tests? - ;; (invoke "strace" "-f" "bin/podman" "version") (invoke "make" "localsystem") (invoke "make" "remotesystem")))) (add-after 'unpack 'fix-hardcoded-paths (lambda _ - (substitute* "vendor/github.com/containers/common/pkg/config/config.go" - (("@SLIRP4NETNS_DIR@") - (string-append #$slirp4netns "/bin")) - (("@PASST_DIR@") - (string-append #$passt "/bin")) - (("@NETAVARK_DIR@") - (string-append #$netavark "/bin"))) - (substitute* "hack/install_catatonit.sh" - (("CATATONIT_PATH=\"[^\"]+\"") - (string-append "CATATONIT_PATH=" (which "true")))) (substitute* "vendor/github.com/containers/common/pkg/config/config_linux.go" (("/usr/local/libexec/podman") (string-append #$output "/libexec/podman")) (("/usr/local/lib/podman") - (string-append #$output "/bin"))) - (substitute* "vendor/github.com/containers/common/pkg/config/default.go" - (("/usr/libexec/podman/conmon") (which "conmon")) - (("/usr/local/libexec/cni") - (string-append #$(this-package-input "cni-plugins") - "/bin")) - (("/usr/bin/crun") (which "crun"))))) + (string-append #$output "/bin"))))) + (add-after 'install 'symlink-helpers + (lambda _ + (mkdir-p (string-append #$output "/_guix")) + (for-each + (lambda (what) + (symlink (string-append (car what) "/bin/" (cdr what)) + (string-append #$output "/_guix/" (cdr what)))) + ;; Only tools that cannot be discovered via $PATH are + ;; symlinked. Rest is handled in the 'wrap-podman phase. + `((#$aardvark-dns . "aardvark-dns") + ;; Required for podman-machine, which is *not* supported out + ;; of the box. But it cannot be discovered via $PATH, so + ;; there is no other way for the user to install it. It + ;; costs ~10MB, so let's leave it here. + (#$gvisor-tap-vsock . "gvproxy") + (#$netavark . "netavark"))))) + (add-after 'install 'wrap-podman + (lambda _ + (wrap-program (string-append #$output "/bin/podman") + `("PATH" suffix + (,(string-append #$catatonit "/bin") + ,(string-append #$conmon "/bin") + ,(string-append #$crun "/bin") + ,(string-append #$gcc "/bin") ; cpp + ,(string-append #$iptables "/sbin") + ,(string-append #$passt "/bin") + ,(string-append #$procps "/bin") ; ps + "/run/setuid-programs"))))) + (add-after 'install 'remove-go-references + (lambda* (#:key inputs #:allow-other-keys) + (let ((go (assoc-ref inputs "go"))) + (for-each + (lambda (file) + (when (executable-file? file) + ((@@ (guix build go-build-system) remove-store-reference) + file go))) + (append (find-files (string-append #$output "/bin")) + (find-files (string-append #$output "/libexec")) + (find-files (string-append #$output "/lib"))))))) (add-after 'install 'install-completions (lambda _ (invoke "make" "install.completions" (string-append "PREFIX=" #$output))))))) (inputs - (list btrfs-progs - cni-plugins - conmon - crun + (list bash-minimal + btrfs-progs gpgme - go-github-com-go-md2man - iptables libassuan libseccomp - libselinux - passt - slirp4netns)) + libselinux)) (native-inputs - (list bats + (list (package/inherit grep + (inputs (list pcre2))) ; Drop once grep on master supports -P + bats git go-1.21 - ; strace ; XXX debug + go-github-com-go-md2man + mandoc pkg-config python)) (home-page "https://podman.io") @@ -536,8 +559,14 @@ (define-public podman volumes mounted into those containers, and pods made from groups of containers. -The @code{machine} subcommand is not supported due to gvproxy not being -packaged.") +Not all commands are working out of the box due to requiring additional +binaries to be present in the $PATH. + +To get @code{podman compose} working, install either @code{podman-compose} or +@code{docker-compose} packages. + +To get @code{podman machine} working, install @code{qemu-minimal}, and +@code{openssh} packages.") (license license:asl2.0))) (define-public podman-compose diff --git a/gnu/packages/patches/podman-program-lookup.patch b/gnu/packages/patches/podman-program-lookup.patch deleted file mode 100644 index 27a9421285..0000000000 --- a/gnu/packages/patches/podman-program-lookup.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 914aed3e04f71453fbdc30f4287e13ca3ce63a36 Mon Sep 17 00:00:00 2001 -From: Tomas Volf <~@wolfsden.cz> -Date: Wed, 14 Feb 2024 20:02:03 +0100 -Subject: [PATCH] Modify search for binaries to fit Guix model - -Podman basically looked into the $PATH and into its libexec. That does not fit -Guix's model very well, to an additional option to specify additional -directories during compilation was added. - -* pkg/rootless/rootless_linux.go -(tryMappingTool): Also check /run/setuid-programs. -* vendor/github.com/containers/common/pkg/config/config.go -(extraGuixDir): New function. -(FindHelperBinary): Use it. -* vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go -(guixLookupSetuidPath): New function. -(Start): Use it. ---- - pkg/rootless/rootless_linux.go | 3 +++ - .../containers/common/pkg/config/config.go | 23 +++++++++++++++++++ - .../storage/pkg/unshare/unshare_linux.go | 14 +++++++++-- - 3 files changed, 38 insertions(+), 2 deletions(-) - -diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go -index d303c8b..0191d90 100644 ---- a/pkg/rootless/rootless_linux.go -+++ b/pkg/rootless/rootless_linux.go -@@ -102,6 +102,9 @@ func tryMappingTool(uid bool, pid int, hostID int, mappings []idtools.IDMap) err - idtype = "setgid" - } - path, err := exec.LookPath(tool) -+ if err != nil { -+ path, err = exec.LookPath("/run/setuid-programs/" + tool) -+ } - if err != nil { - return fmt.Errorf("command required for rootless mode with multiple IDs: %w", err) - } -diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go -index 75b917f..ed2f131 100644 ---- a/vendor/github.com/containers/common/pkg/config/config.go -+++ b/vendor/github.com/containers/common/pkg/config/config.go -@@ -1102,6 +1102,24 @@ func findBindir() string { - return bindirCached - } - -+func extraGuixDir(bin_name string) string { -+ if (bin_name == "slirp4netns") { -+ return "@SLIRP4NETNS_DIR@"; -+ } else if (bin_name == "pasta") { -+ return "@PASST_DIR@"; -+ } else if (strings.HasPrefix(bin_name, "qemu-")) { -+ return "@QEMU_DIR@"; -+ } else if (bin_name == "gvproxy") { -+ return "@GVPROXY_DIR@"; -+ } else if (bin_name == "netavark") { -+ return "@NETAVARK_DIR@"; -+ } else if (bin_name == "aardvark-dns") { -+ return "@AARDVARK_DNS_DIR@"; -+ } else { -+ return ""; -+ } -+} -+ - // FindHelperBinary will search the given binary name in the configured directories. - // If searchPATH is set to true it will also search in $PATH. - func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) { -@@ -1109,6 +1127,11 @@ func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) - bindirPath := "" - bindirSearched := false - -+ if dir := extraGuixDir(name); dir != "" { -+ /* If there is a Guix dir, skip the PATH search. */ -+ dirList = append([]string{dir}, dirList...) -+ } -+ - // If set, search this directory first. This is used in testing. - if dir, found := os.LookupEnv("CONTAINERS_HELPER_BINARY_DIR"); found { - dirList = append([]string{dir}, dirList...) -diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go -index a8dc1ba..0b0d755 100644 ---- a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go -+++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go -@@ -26,6 +26,16 @@ import ( - "github.com/syndtr/gocapability/capability" - ) - -+func guixLookupSetuidPath(prog string) (string, error) { -+ path, err := exec.LookPath(prog) -+ if err != nil { -+ path, err = exec.LookPath("/run/setuid-programs/" + prog) -+ } -+ return path, err -+} -+ -+ -+ - // Cmd wraps an exec.Cmd created by the reexec package in unshare(), and - // handles setting ID maps and other related settings by triggering - // initialization code in the child. -@@ -237,7 +247,7 @@ func (c *Cmd) Start() error { - gidmapSet := false - // Set the GID map. - if c.UseNewgidmap { -- path, err := exec.LookPath("newgidmap") -+ path, err := guixLookupSetuidPath("newgidmap") - if err != nil { - return fmt.Errorf("finding newgidmap: %w", err) - } -@@ -297,7 +307,7 @@ func (c *Cmd) Start() error { - uidmapSet := false - // Set the UID map. - if c.UseNewuidmap { -- path, err := exec.LookPath("newuidmap") -+ path, err := guixLookupSetuidPath("newuidmap") - if err != nil { - return fmt.Errorf("finding newuidmap: %w", err) - } --- -2.41.0 - -- 2.41.0