me
/
guix
Archived
1
0
Fork 0
Code

gnu: podman: Revamp the package. 

Substantial rework of the podman package.  The source is no longer patched (at
all) and all necessary modifications were moved into wrap-program and phases.

Not everything is supported out of the box, but description mentions what
packages to install to get additional functionality working.

* gnu/packages/containers.scm (podman)[source]: Remove snippet and patches.
[arguments]<#:make-flags>: Add HELPER_BINARIES_DIR.  Add GOMD2MAN to actually
use go-github-com-go-md2man package instead of the bundled version.
<#:imported-modules>: Add (guix build go-build-system).
<#:phases>{'set-env}: Set `CC' as an environment variable due to bug in make
before 4.4.
{'fix-hardcoded-paths}: Remove everything except patching `libexec' and `lib'
locations.
{'symlink-helpers}: New phase symlinking tools not discoverable via $PATH into
one directory (`HELPER_BINARIES_DIR').
{'wrap-podman}: New phase wrapping `podman' to set correct $PATH.
{'remove-go-references}: New phase stripping references to the golang
toolchain from the binaries.
[inputs]: Remove no longer needed cni-plugins, slirp4netns.  Remove referenced
in 'wrap-podman conmon, crun, iptables, passt.  Move go-github-com-go-md2man
into native-inputs.  Add bash-minimal.
[native-inputs]: Add custom grep with supported -P.  Use newer go.  Add
mandoc.
[description]: Explain how to get `podman compose' and `podman machine'
working.
* gnu/packages/patches/podman-program-lookup.patch: Delete file.

Change-Id: Ifc28971a68751831d781517b041eec951a617087
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
master
Tomas Volf 2024-05-10 00:23:12 +02:00 committed by Sharlatan Hellseher
parent 4f02e0b7f8
commit b55997d9df
No known key found for this signature in database
GPG Key ID: 76D727BFF62CD2B5
3 changed files with 74 additions and 166 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
gnu/local.mk
View File

@ -1817,7 +1817,6 @@ dist_patch_DATA = \
%D%/packages/patches/plasp-fix-normalization.patch \ %D%/packages/patches/plasp-fix-normalization.patch \
%D%/packages/patches/plasp-include-iostream.patch \ %D%/packages/patches/plasp-include-iostream.patch \
%D%/packages/patches/pocketfft-cpp-prefer-preprocessor-if.patch \ %D%/packages/patches/pocketfft-cpp-prefer-preprocessor-if.patch \
%D%/packages/patches/podman-program-lookup.patch \
%D%/packages/patches/pokerth-boost.patch \ %D%/packages/patches/pokerth-boost.patch \
%D%/packages/patches/ppsspp-disable-upgrade-and-gold.patch \ %D%/packages/patches/ppsspp-disable-upgrade-and-gold.patch \
%D%/packages/patches/procps-strtod-test.patch \ %D%/packages/patches/procps-strtod-test.patch \

119
gnu/packages/containers.scm
View File

@ -44,10 +44,13 @@
#:use-module (gnu packages check) #:use-module (gnu packages check)
#:use-module (gnu packages compression) #:use-module (gnu packages compression)
#:use-module (gnu packages glib) #:use-module (gnu packages glib)
#:use-module (gnu packages gcc)
#:use-module (gnu packages gnupg) #:use-module (gnu packages gnupg)
#:use-module (gnu packages golang) #:use-module (gnu packages golang)
#:use-module (gnu packages guile) #:use-module (gnu packages guile)
#:use-module (gnu packages linux) #:use-module (gnu packages linux)
#:use-module (gnu packages man)
#:use-module (gnu packages pcre)
#:use-module (gnu packages python) #:use-module (gnu packages python)
#:use-module (gnu packages networking) #:use-module (gnu packages networking)
#:use-module (gnu packages pkg-config) #:use-module (gnu packages pkg-config)
@ -458,84 +461,104 @@ Its main purpose is to support the key usage by @code{docker-init}:
(uri (git-reference (uri (git-reference
(url "https://github.com/containers/podman") (url "https://github.com/containers/podman")
(commit (string-append "v" version)))) (commit (string-append "v" version))))
(modules '((guix build utils)))
;; FIXME: Btrfs libraries not detected by these scripts.
(snippet '(substitute* "Makefile"
((".*hack/btrfs.*") "")))
(patches
(search-patches
"podman-program-lookup.patch"))
(sha256 (sha256
(base32 "0x8npz0i3dyiaw30vdlb5n8kiaflgjqnrdbdk0yn5zgf5k1jlb7i")) (base32 "0x8npz0i3dyiaw30vdlb5n8kiaflgjqnrdbdk0yn5zgf5k1jlb7i"))
(file-name (git-file-name name version)))) (file-name (git-file-name name version))))
(build-system gnu-build-system) (build-system gnu-build-system)
(arguments (arguments
(list (list
#:make-flags #:make-flags
#~(list #$(string-append "CC=" (cc-for-target)) #~(list (string-append "CC=" #$(cc-for-target))
(string-append "PREFIX=" #$output)) (string-append "PREFIX=" #$output)
(string-append "HELPER_BINARIES_DIR=" #$output "/_guix")
(string-append "GOMD2MAN="
#$go-github-com-go-md2man "/bin/go-md2man"))
#:tests? #f ; /sys/fs/cgroup not set up in guix sandbox #:tests? #f ; /sys/fs/cgroup not set up in guix sandbox
#:test-target "test" #:test-target "test"
#:imported-modules
(source-module-closure `(,@%gnu-build-system-modules
(guix build go-build-system)))
#:phases #:phases
#~(modify-phases %standard-phases #~(modify-phases %standard-phases
(delete 'configure) (delete 'configure)
(add-after 'unpack 'set-env (add-after 'unpack 'set-env
(lambda* (#:key inputs #:allow-other-keys) (lambda _
;; when running go, things fail because ;; When running go, things fail because HOME=/homeless-shelter.
;; HOME=/homeless-shelter. (setenv "HOME" "/tmp")
(setenv "HOME" "/tmp"))) ;; Required for detecting btrfs in hack/btrfs* due to bug in GNU
;; Make <4.4 causing CC not to be propagated into $(shell ...)
;; calls. Can be removed once we update to >4.3.
(setenv "CC" #$(cc-for-target))))
(replace 'check (replace 'check
(lambda* (#:key tests? #:allow-other-keys) (lambda* (#:key tests? #:allow-other-keys)
(when tests? (when tests?
;; (invoke "strace" "-f" "bin/podman" "version")
(invoke "make" "localsystem") (invoke "make" "localsystem")
(invoke "make" "remotesystem")))) (invoke "make" "remotesystem"))))
(add-after 'unpack 'fix-hardcoded-paths (add-after 'unpack 'fix-hardcoded-paths
(lambda _ (lambda _
(substitute* "vendor/github.com/containers/common/pkg/config/config.go"
(("@SLIRP4NETNS_DIR@")
(string-append #$slirp4netns "/bin"))
(("@PASST_DIR@")
(string-append #$passt "/bin"))
(("@NETAVARK_DIR@")
(string-append #$netavark "/bin")))
(substitute* "hack/install_catatonit.sh"
(("CATATONIT_PATH=\"[^\"]+\"")
(string-append "CATATONIT_PATH=" (which "true"))))
(substitute* "vendor/github.com/containers/common/pkg/config/config_linux.go" (substitute* "vendor/github.com/containers/common/pkg/config/config_linux.go"
(("/usr/local/libexec/podman") (("/usr/local/libexec/podman")
(string-append #$output "/libexec/podman")) (string-append #$output "/libexec/podman"))
(("/usr/local/lib/podman") (("/usr/local/lib/podman")
(string-append #$output "/bin"))) (string-append #$output "/bin")))))
(substitute* "vendor/github.com/containers/common/pkg/config/default.go" (add-after 'install 'symlink-helpers
(("/usr/libexec/podman/conmon") (which "conmon")) (lambda _
(("/usr/local/libexec/cni") (mkdir-p (string-append #$output "/_guix"))
(string-append #$(this-package-input "cni-plugins") (for-each
"/bin")) (lambda (what)
(("/usr/bin/crun") (which "crun"))))) (symlink (string-append (car what) "/bin/" (cdr what))
(string-append #$output "/_guix/" (cdr what))))
;; Only tools that cannot be discovered via $PATH are
;; symlinked. Rest is handled in the 'wrap-podman phase.
`((#$aardvark-dns . "aardvark-dns")
;; Required for podman-machine, which is *not* supported out
;; of the box. But it cannot be discovered via $PATH, so
;; there is no other way for the user to install it. It
;; costs ~10MB, so let's leave it here.
(#$gvisor-tap-vsock . "gvproxy")
(#$netavark . "netavark")))))
(add-after 'install 'wrap-podman
(lambda _
(wrap-program (string-append #$output "/bin/podman")
`("PATH" suffix
(,(string-append #$catatonit "/bin")
,(string-append #$conmon "/bin")
,(string-append #$crun "/bin")
,(string-append #$gcc "/bin") ; cpp
,(string-append #$iptables "/sbin")
,(string-append #$passt "/bin")
,(string-append #$procps "/bin") ; ps
"/run/setuid-programs")))))
(add-after 'install 'remove-go-references
(lambda* (#:key inputs #:allow-other-keys)
(let ((go (assoc-ref inputs "go")))
(for-each
(lambda (file)
(when (executable-file? file)
((@@ (guix build go-build-system) remove-store-reference)
file go)))
(append (find-files (string-append #$output "/bin"))
(find-files (string-append #$output "/libexec"))
(find-files (string-append #$output "/lib")))))))
(add-after 'install 'install-completions (add-after 'install 'install-completions
(lambda _ (lambda _
(invoke "make" "install.completions" (invoke "make" "install.completions"
(string-append "PREFIX=" #$output))))))) (string-append "PREFIX=" #$output)))))))
(inputs (inputs
(list btrfs-progs (list bash-minimal
cni-plugins btrfs-progs
conmon
crun
gpgme gpgme
go-github-com-go-md2man
iptables
libassuan libassuan
libseccomp libseccomp
libselinux libselinux))
passt
slirp4netns))
(native-inputs (native-inputs
(list bats (list (package/inherit grep
(inputs (list pcre2))) ; Drop once grep on master supports -P
bats
git git
go-1.21 go-1.21
; strace ; XXX debug go-github-com-go-md2man
mandoc
pkg-config pkg-config
python)) python))
(home-page "https://podman.io") (home-page "https://podman.io")
@ -545,8 +568,14 @@ Its main purpose is to support the key usage by @code{docker-init}:
volumes mounted into those containers, and pods made from groups of volumes mounted into those containers, and pods made from groups of
containers. containers.
The @code{machine} subcommand is not supported due to gvproxy not being Not all commands are working out of the box due to requiring additional
packaged.") binaries to be present in the $PATH.
To get @code{podman compose} working, install either @code{podman-compose} or
@code{docker-compose} packages.
To get @code{podman machine} working, install @code{qemu-minimal}, and
@code{openssh} packages.")
(license license:asl2.0))) (license license:asl2.0)))
(define-public podman-compose (define-public podman-compose

120
gnu/packages/patches/podman-program-lookup.patch
View File

@ -1,120 +0,0 @@
From 914aed3e04f71453fbdc30f4287e13ca3ce63a36 Mon Sep 17 00:00:00 2001
From: Tomas Volf <~@wolfsden.cz>
Date: Wed, 14 Feb 2024 20:02:03 +0100
Subject: [PATCH] Modify search for binaries to fit Guix model
Podman basically looked into the $PATH and into its libexec. That does not fit
Guix's model very well, to an additional option to specify additional
directories during compilation was added.
* pkg/rootless/rootless_linux.go
(tryMappingTool): Also check /run/setuid-programs.
* vendor/github.com/containers/common/pkg/config/config.go
(extraGuixDir): New function.
(FindHelperBinary): Use it.
* vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
(guixLookupSetuidPath): New function.
(Start): Use it.
---
pkg/rootless/rootless_linux.go | 3 +++
.../containers/common/pkg/config/config.go | 23 +++++++++++++++++++
.../storage/pkg/unshare/unshare_linux.go | 14 +++++++++--
3 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index d303c8b..0191d90 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -102,6 +102,9 @@ func tryMappingTool(uid bool, pid int, hostID int, mappings []idtools.IDMap) err
idtype = "setgid"
}
path, err := exec.LookPath(tool)
+ if err != nil {
+ path, err = exec.LookPath("/run/setuid-programs/" + tool)
+ }
if err != nil {
return fmt.Errorf("command required for rootless mode with multiple IDs: %w", err)
}
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index 75b917f..ed2f131 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -1102,6 +1102,24 @@ func findBindir() string {
return bindirCached
}
+func extraGuixDir(bin_name string) string {
+ if (bin_name == "slirp4netns") {
+ return "@SLIRP4NETNS_DIR@";
+ } else if (bin_name == "pasta") {
+ return "@PASST_DIR@";
+ } else if (strings.HasPrefix(bin_name, "qemu-")) {
+ return "@QEMU_DIR@";
+ } else if (bin_name == "gvproxy") {
+ return "@GVPROXY_DIR@";
+ } else if (bin_name == "netavark") {
+ return "@NETAVARK_DIR@";
+ } else if (bin_name == "aardvark-dns") {
+ return "@AARDVARK_DNS_DIR@";
+ } else {
+ return "";
+ }
+}
+
// FindHelperBinary will search the given binary name in the configured directories.
// If searchPATH is set to true it will also search in $PATH.
func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) {
@@ -1109,6 +1127,11 @@ func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error)
bindirPath := ""
bindirSearched := false
+ if dir := extraGuixDir(name); dir != "" {
+ /* If there is a Guix dir, skip the PATH search. */
+ dirList = append([]string{dir}, dirList...)
+ }
+
// If set, search this directory first. This is used in testing.
if dir, found := os.LookupEnv("CONTAINERS_HELPER_BINARY_DIR"); found {
dirList = append([]string{dir}, dirList...)
diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
index a8dc1ba..0b0d755 100644
--- a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
+++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go
@@ -26,6 +26,16 @@ import (
"github.com/syndtr/gocapability/capability"
)
+func guixLookupSetuidPath(prog string) (string, error) {
+ path, err := exec.LookPath(prog)
+ if err != nil {
+ path, err = exec.LookPath("/run/setuid-programs/" + prog)
+ }
+ return path, err
+}
+
+
+
// Cmd wraps an exec.Cmd created by the reexec package in unshare(), and
// handles setting ID maps and other related settings by triggering
// initialization code in the child.
@@ -237,7 +247,7 @@ func (c *Cmd) Start() error {
gidmapSet := false
// Set the GID map.
if c.UseNewgidmap {
- path, err := exec.LookPath("newgidmap")
+ path, err := guixLookupSetuidPath("newgidmap")
if err != nil {
return fmt.Errorf("finding newgidmap: %w", err)
}
@@ -297,7 +307,7 @@ func (c *Cmd) Start() error {
uidmapSet := false
// Set the UID map.
if c.UseNewuidmap {
- path, err := exec.LookPath("newuidmap")
+ path, err := guixLookupSetuidPath("newuidmap")
if err != nil {
return fmt.Errorf("finding newuidmap: %w", err)
}
--
2.41.0