From: Timmy Douglas via Guix-patches
To: 52174@debbugs.gnu.org
Cc: Timmy Douglas
Subject: [bug#52174] [PATCH] gnu: Add podman
Date: Sun, 28 Nov 2021 22:46:36 -0800
Message-Id: <4d5abde1033a5178c7b088fbd13f93f4f96866b6.1638168394.git.mail@timmydouglas.com>

* gnu/packages/containers.scm (crun, conmon, libslirp, slirp4netns, cni-plugins, podman): Add podman and dependencies.
---

I was going to try running some docker containers on my Guix system today, but I noticed docker was an old version. I decided to try packaging podman as the daemonless aspect seems appealing and was able to run a basic alpine image (rootless) after a couple of hours of putting this together.

This is one of my first packages for Guix, so please give me some feedback--I'm also interested if anyone else would like to work together on this, because I'm fairly new to Guix and I haven't used podman before either. This probably needs some more testing since I only tried a basic scenario.

For podman to work, I needed to run this:

`sudo mount -t cgroup2 none /sys/fs/cgroup`

 gnu/packages/containers.scm | 304 ++++++++++++++++++++++++++++++++++++
 1 file changed, 304 insertions(+)
 create mode 100644 gnu/packages/containers.scm

diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm new file mode 100644 index 0000000000..1c83698c2e --- /dev/null +++ b/gnu/packages/containers.scm
@@ -0,0 +1,304 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2021 Timmy Douglas +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages containers) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (gnu packages) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix git-download) + #:use-module (guix build-system gnu) + #:use-module (guix build-system go) + #:use-module (guix build-system meson) + #:use-module (guix utils) + #:use-module (gnu packages autotools) + #:use-module (gnu packages base) + #:use-module (gnu packages check) + #:use-module (gnu packages compression) + #:use-module (gnu packages glib) + #:use-module (gnu packages gnupg) + #:use-module (gnu packages golang) + #:use-module (gnu packages linux) + #:use-module (gnu packages python) + #:use-module (gnu packages networking) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages selinux) + #:use-module (gnu packages version-control) + #:use-module (gnu packages virtualization) + #:use-module (gnu packages web)) + +;; For podman to work, the user needs to run +;; `sudo mount -t cgroup2 none /sys/fs/cgroup` + +(define-public crun + (package + (name "crun") + (version "1.3") + (source + (origin + (method git-fetch) + (uri (git-reference + (url 
"https://github.com/containers/crun") + (commit "8e5757a4e68590326dafe8a8b1b4a584b10a1370") ; 1.3 + (recursive? #t))) + (sha256 + (base32 "01yiss2d57kwlxb7zlqzjwlg9fyaf19yjngd1mw9n4hxls3dfj3k")) + (file-name (git-file-name name version)))) + + (build-system gnu-build-system) + (arguments + '(#:tests? #f + #:configure-flags '("--disable-systemd") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'do-not-depend-on-git + (lambda _ + (substitute* "autogen.sh" + (("^git submodule update.*") + "")) + (with-output-to-file "git-version.h" + (lambda () + (display (string-append + "/* autogenerated. */\n#ifndef GIT_VERSION\n# define GIT_VERSION \"" + "8e5757a4e68590326dafe8a8b1b4a584b10a1370" ; refactor this + "\"\n#endif\n")))) + #t + ))))) + (inputs + `(("libcap" ,libcap) + ("libseccomp" ,libseccomp) + ("libyajl" ,libyajl))) + (native-inputs + `(("automake" ,automake) + ("autoreconf" ,autoconf) + ("git" ,git) + ("libtool" ,libtool) + ("pkg-config" ,pkg-config) + ("python-3" ,python-3))) + (home-page "https://github.com/containers/crun") + (synopsis "OCI Container runtime") + (description + "crun is a fast and low-memory footprint OCI Container Runtime fully written in C.") + (license license:gpl2+))) + +(define-public conmon + (package + (name "conmon") + (version "v2.0.30") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/containers/conmon") + (commit version))) + (sha256 + (base32 "1sxpbm01g4xak4kqwvk45gmzr6n9bjzlfp1j85wyz8rj2hg2x4rm")) + (file-name (git-file-name name version)))) + + (build-system gnu-build-system) + (arguments + `(#:make-flags (list ,(string-append "CC=" (cc-for-target)) + (string-append "PREFIX=" %output)) + #:tests? #f ; currently broken as go tries to use network + #:phases (modify-phases %standard-phases + (delete 'configure) + (add-after 'unpack 'set-env + (lambda* (#:key inputs #:allow-other-keys) + ;; when running go, things fail because + ;; HOME=/homeless-shelter. 
+ (setenv "HOME" "/tmp"))) + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (when tests? + (invoke "make" "test"))))))) + (inputs + `(("glib" ,glib) + ("glibc" ,glibc) + ("libseccomp" ,libseccomp) + ("crun" ,crun))) + (native-inputs + `(("git" ,git) + ("go" ,go) + ("pkg-config" ,pkg-config))) + (home-page "https://github.com/containers/conmon") + (synopsis "Monitoring and communication tool between container manager and OCI runtime") + (description + "Conmon is a monitoring program and communication tool between a container +manager (like Podman or CRI-O) and an OCI runtime (like runc or crun) for a +single container.") + (license license:asl2.0))) + +(define-public libslirp + (package + (name "libslirp") + (version "v4.6.1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://gitlab.freedesktop.org/slirp/libslirp") + (commit version))) + (sha256 + (base32 "1b4cn51xvzbrxd63g6w1033prvbxfxsnsn1l0fa5i311xv28vkh0")) + (file-name (git-file-name name version)))) + + (build-system meson-build-system) + (arguments '(#:tests? #f)) + (inputs + `(("glib" ,glib))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (home-page "https://gitlab.freedesktop.org/slirp/libslirp") + (synopsis "User-mode networking library") + (description + "libslirp is a user-mode networking library used by virtual machines, +containers or various tools.") + (license license:non-copyleft))) ;fixme what is this? + +(define-public slirp4netns + (package + (name "slirp4netns") + (version "v1.1.12") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/rootless-containers/slirp4netns") + (commit version))) + (sha256 + (base32 "03llv4dlf7qqxwz4zdyk926g4bigfj2gb50glm70ciflpvzs8081")) + (file-name (git-file-name name version)))) + + (build-system gnu-build-system) + (arguments '(#:tests? 
#f)) + (inputs + `(("glib" ,glib) + ("libcap" ,libcap) + ("libseccomp" ,libseccomp) + ("libslirp" ,libslirp))) + (native-inputs + `(("automake" ,automake) + ("autoreconf" ,autoconf) + ("pkg-config" ,pkg-config))) + (home-page "https://github.com/rootless-containers/slirp4netns") + (synopsis "User-mode networking for unprivileged network namespaces") + (description + "slirp4netns provides user-mode networking (\"slirp\") for unprivileged network namespaces.") + (license license:gpl2+))) + +(define-public cni-plugins + (package + (name "cni-plugins") + (version "v1.0.1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/containernetworking/plugins") + (commit version))) + (sha256 + (base32 "1j91in0mg4nblpdccyq63ncbnn2pc2zzjp1fh3jy0bsndllgv0nc")) + (file-name (git-file-name name version)))) + + (build-system go-build-system) + (arguments + `(#:unpack-path "github.com/containernetworking/plugins" + #:tests? #f + #:phases (modify-phases %standard-phases + (replace 'build + (lambda _ + (with-directory-excursion "src/github.com/containernetworking/plugins" + (invoke "./build_linux.sh")))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (copy-recursively "src/github.com/containernetworking/plugins/bin" + (string-append (assoc-ref outputs "out") "/bin")) + #t))))) + (home-page "https://github.com/containernetworking/plugins") + (synopsis "CNI network plugins") + (description + "Some CNI network plugins, maintained by the containernetworking team.") + (license license:asl2.0))) + +(define-public podman + (package + (name "podman") + (version "v3.4.2") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/containers/podman") + (commit version))) + (sha256 + (base32 "0v1xpd1q6ym9ibaj6242v4mp0wwdmj4dd9l7zfyydbxrx6a8ahjn")) + (file-name (git-file-name name version)))) + + (build-system gnu-build-system) + (arguments + `(#:make-flags (list ,(string-append "CC=" (cc-for-target)) + 
(string-append "PREFIX=" %output)) + #:tests? #f ; need to setup ginkgo + #:phases (modify-phases %standard-phases + (delete 'configure) + (add-after 'unpack 'set-env + (lambda* (#:key inputs #:allow-other-keys) + ;; when running go, things fail because + ;; HOME=/homeless-shelter. + (setenv "HOME" "/tmp"))) + (add-after 'unpack 'fix-hardcoded-paths + (lambda _ + (substitute* (find-files "libpod" "\\.go") + (("exec.LookPath[(][\"]slirp4netns[\"][)]") + (string-append "exec.LookPath(\"" (which "slirp4netns") "\")"))) + (substitute* "vendor/github.com/containers/common/pkg/config/config_linux.go" + (("/usr/local/libexec/podman") + (string-append (assoc-ref %outputs "out") "/bin"))) + (substitute* "vendor/github.com/containers/common/pkg/config/default.go" + (("/usr/libexec/podman/conmon") (which "conmon")) + (("/usr/local/libexec/cni") + (string-append (assoc-ref %build-inputs "cni-plugins") "/bin")) + (("/usr/bin/crun") (which "crun"))) + #true)) + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (when tests? + (invoke "make" "test"))))))) + (inputs + `(("btrfs-progs" ,btrfs-progs) + ("cni-plugins" ,cni-plugins) + ("conmon" ,conmon) + ("gpgme" ,gpgme) + ("go-md2man" ,go-github-com-go-md2man) + ("iptables" ,iptables) ; fixme not sure if podman will call this using $PATH + ("libassuan" ,libassuan) + ("libseccomp" ,libseccomp) + ("libselinux" ,libselinux) + ("slirp4netns" ,slirp4netns) + ("crun" ,crun))) + (native-inputs + `(("git" ,git) + ("go" ,go) + ("pkg-config" ,pkg-config))) + (home-page "https://podman.io") + (synopsis "Manage containers, images, pods, and their volumes") + (description + "Podman (the POD MANager) is a tool for managing containers and images, +volumes mounted into those containers, and pods made from groups of +containers.") + (license license:asl2.0))) -- 2.33.1
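
Review bot: In the crun definition the commit hash 8e5757a4e68590326dafe8a8b1b4a584b10a1370 is written twice, once in the git-reference and again in the 'do-not-depend-on-git phase that writes git-version.h (the second copy is marked "; refactor this"), so an update that changes only one of them leaves git-version.h advertising a commit that is not the one fetched. Bind the hash once, for example with a let around the package, and use that binding in both places. In the same package, git stays in native-inputs although the phase strips the git submodule call from autogen.sh, the label "autoreconf" is attached to autoconf, and #:tests? #f has no comment saying why the test suite is off.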
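
Review bot: The version fields of conmon, libslirp, slirp4netns, cni-plugins and podman carry the tag's leading "v" (for example (version "v2.0.30")) because the tag is passed straight through as (commit version); keep version numeric and build the tag with (commit (string-append "v" version)) so the package name and version comparisons see 2.0.30. libslirp's (license license:non-copyleft) still has ";fixme what is this?" beside it and should be replaced with the license upstream actually states before this is applied. conmon lists glibc and crun as inputs, yet nothing in its visible phases or make flags refers to either; drop them or add a comment saying what needs them. All five packages also set #:tests? #f, and only conmon and podman say why.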
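
Review bot: In podman's 'fix-hardcoded-paths phase, conmon, crun, slirp4netns and the CNI plugin directory are pinned to store paths, but iptables is only listed as an input with "fixme not sure if podman will call this using $PATH"; if it is looked up through PATH at run time, the input pins nothing and podman runs whichever iptables comes first on the user's PATH. Check how the vendored code locates it and either substitute the store path as for the other helpers or wrap the podman binary with the required PATH. The phase is written as (lambda _ ...) yet reads %outputs and %build-inputs; take inputs and outputs as keyword arguments with lambda*, as the neighbouring 'set-env phase does. The find-files pattern "\\.go" is unanchored, so it also matches file names that merely contain .go; "\\.go$" is what is meant. The cgroup2 mount requirement is recorded only in a source comment at the top of the file, where users of the package will not see it.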