Update to podman 5, including netavark and pasta #87

Merged
merged 5 commits into from
May 19, 2024
25 changes: 24 additions & 1 deletion Dockerfile
Expand Up @@ -27,7 +27,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
# podman (without systemd support)
FROM podmanbuildbase AS podman
RUN apk add --update --no-cache tzdata curl
ARG PODMAN_VERSION=v4.9.4
ARG PODMAN_VERSION=v5.0.0
ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp'
ARG PODMAN_CGO=1
RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman
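Review bot: PODMAN_VERSION=v5.0.0 pins the build to a tag name only, and the clone on the line after PODMAN_CGO checks out whatever that tag points to at build time, with no check that it is the commit that was reviewed. Consider recording the expected commit hash next to the version and failing the build when `git rev-parse HEAD` differs after the clone.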
Expand Down Expand Up @@ -92,6 +92,27 @@ RUN set -ex; \
LDFLAGS=-static ./configure --prefix=/usr; \
make

# netavark
FROM podmanbuildbase AS netavark
WORKDIR /
RUN apk add --update --no-cache cargo
# Build passt
ARG NETAVARK_VERSION=v1.10.3
RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION} https://github.com/containers/netavark
WORKDIR /netavark
RUN LDFLAGS=-static make


# passt
FROM podmanbuildbase AS passt
WORKDIR /
RUN apk add --update --no-cache autoconf automake meson ninja linux-headers libcap-static libcap-dev clang llvm coreutils
# Build passt
ARG PASST_VERSION=2024_04_05.954589b
RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PASST_VERSION} git://passt.top/passt
WORKDIR /passt
RUN make static


# fuse-overlayfs (derived from https://github.com/containers/fuse-overlayfs/blob/master/Dockerfile.static)
FROM podmanbuildbase AS fuse-overlayfs
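Review bot: The passt stage clones from git://passt.top/passt, and the git:// transport has neither encryption nor server authentication, so the source compiled into the static pasta binary can be altered in transit; the netavark stage already uses https. Switch the passt clone to an https URL if the host offers one, and in both new stages verify the checked-out commit against a hash recorded beside NETAVARK_VERSION and PASST_VERSION, since a tag alone can be moved. Minor: the comment above NETAVARK_VERSION says "# Build passt" and should read "# Build netavark".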
Expand Down Expand Up @@ -185,6 +206,8 @@ COPY conf/crun-containers.conf /etc/containers/containers.conf
FROM rootlesspodmanrunc AS podmanall
RUN apk add --no-cache iptables ip6tables
COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns
Owner

Why did you add slirp4netns back? Did it turn out to be required still?

Contributor Author

Another commit I didn't mean to push that I can revert.
For completeness though, my reason for this change was that pasta and slirp4netns have different default network configurations it appears, such that when I tried to run a container that accessed a TCP port on the host with pasta, it failed (the default pasta config gave the container the same IP as the host, whereas the default slirp4netns config gave it a different IP from the private IP range). I didn't have time to dissect what was going on here and needed this particular container to work, so I wanted to re-build the latest versions of things, including slirp4netns, so I could fall back to it until I had time to configure pasta correctly for my purposes.

COPY --from=passt /passt/pasta /usr/local/bin/pasta
COPY --from=netavark /netavark/bin/netavark /usr/local/lib/podman/netavark
COPY --from=cniplugins /usr/local/lib/cni /usr/local/lib/cni
COPY --from=catatonit /catatonit/catatonit /usr/local/lib/podman/catatonit
COPY conf/cni /etc/cni
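Review bot: The two new COPY lines for pasta and netavark land next to the existing slirp4netns, cniplugins and conf/cni copies, so the image ships two rootless network helpers and two network backends, and nothing in this hunk says which pair is active. Either drop the ones that are no longer used or set the choice explicitly in the containers.conf copied just above this hunk (network_backend and default_rootless_network_cmd in the [network] table), so the networking path is a stated decision and not whatever the podman default happens to be.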
2 changes: 1 addition & 1 deletion Dockerfile-remote
Expand Up @@ -9,7 +9,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
# podman remote
FROM podmanbuildbase AS podman-remote
RUN apk add --update --no-cache curl
ARG PODMAN_VERSION=v4.9.4
ARG PODMAN_VERSION=v5.0.0
RUN git clone -c advice.detachedHead=false --depth=1 --branch=${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman
WORKDIR $GOPATH/src/github.com/containers/podman
RUN set -eux; \
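Review bot: PODMAN_VERSION=v5.0.0 is now hard-coded both here and in Dockerfile, so every bump has to touch two files, and a missed one builds podman-remote from a different release than the main image. Pass the version from one place, for example a Makefile variable handed to both builds with --build-arg, and keep the ARG default only as a fallback.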
3 changes: 1 addition & 2 deletions Makefile
Expand Up @@ -104,8 +104,7 @@ tar: .podman-from-container
cp -r conf/containers $(ASSET_DIR)/etc/containers
cp -r conf/cni $(ASSET_DIR)/etc/cni
cp README.md $(ASSET_DIR)/
cp -r $(IMAGE_ROOTFS)/usr/local/lib $(ASSET_DIR)/usr/local/lib
cp -r $(IMAGE_ROOTFS)/usr/local/bin $(ASSET_DIR)/usr/local/bin
$(DOCKER) run --rm $(PODMAN_IMAGE) tar c /usr/local/{bin,lib} | tar -xC $(ASSET_DIR)

signed-tar: tar .gpg
@echo Running gpg signing container with GPG_SIGN_KEY and GPG_SIGN_KEY_PASSPHRASE
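Review bot: The new recipe line relies on /usr/local/{bin,lib} being brace-expanded, which happens in the shell that make runs on the host; if that shell is a plain /bin/sh without brace expansion, tar receives the literal path and archives neither directory. Spell out both paths (tar c /usr/local/bin /usr/local/lib). The line is also a pipeline, so make only sees the exit status of the final tar -xC; unless SHELL is set to bash with pipefail elsewhere in the Makefile, a failed docker run can leave an incomplete $(ASSET_DIR) that signed-tar, which depends on this target, goes on to sign.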