From 4c78291cc799cc5e1a1fee1548decd0b4b168155 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sun, 13 Aug 2023 18:59:17 -0500 Subject: [PATCH 01/92] Update README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9b6691a..493fbee 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# podman binaries and container images ![GitHub workflow badge](https://github.com/mgoltzsche/podman-static/workflows/Release/badge.svg) +# podman binaries and container images ![GitHub workflow badge](https://github.com/trentapple/podman-static/workflows/Release/badge.svg) This project provides alpine-based podman container images and statically linked (rootless) podman binaries for linux/amd64 and linux/arm64/v8 machines along with its dependencies _(without systemd support)_: * [podman](https://github.com/containers/podman) From aadbb44b7c7d691e04e22901d0d6931f9132fb7c Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sun, 13 Aug 2023 19:13:17 -0500 Subject: [PATCH 02/92] Update release --- .github/workflows/release.yml | 107 +--------------------------------- 1 file changed, 1 insertion(+), 106 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2621cb6..afcdf2f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -37,109 +37,4 @@ jobs: env: GPG_SIGN_KEY: ${{ secrets.GPG_SIGN_KEY }} GPG_SIGN_KEY_PASSPHRASE: ${{ secrets.GPG_SIGN_KEY_PASSPHRASE }} - - - name: Log into GitHub registry - run: echo "$GITHUB_TOKEN" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - env: - GITHUB_TOKEN: ${{ github.token }} - - - name: Log into DockerHub registry - run: echo "$DOCKERHUB_TOKEN" | docker login docker.io -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin - env: - DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Push images - run: | - set -eu - - GITHUB_IMAGE_REPO=ghcr.io/mgoltzsche/podman - GITHUB_IMAGE_REPO=$(echo $GITHUB_IMAGE_REPO | tr '[A-Z]' '[a-z]') - DOCKERHUB_IMAGE_REPO=docker.io/mgoltzsche/podman - - # Strip git ref prefix from version - TAGS=$(echo "$GITHUB_REF" | sed -e 's,.*/\(.*\),\1,') - # Strip "v" prefix from tag name - [[ "$GITHUB_REF" == "refs/tags/v"* ]] && TAGS=$(echo $TAGS | sed -e 's/^v//') - # Expand tags: 1.2.3 -> 1 1.2 1.2.3 - TAGS="$(echo "$TAGS" | sed -E -e 's/^((([0-9]+)\.[0-9]+)\.[0-9]+)$/\3 \2 \1/')" - - for IMAGE in $PODMAN_REMOTE_IMAGE $PODMAN_IMAGE $PODMAN_MINIMAL_IMAGE; do - TAG_SUFFIX=$(echo $IMAGE | sed -E -e 's/^([^-]+)//') - LATEST_TAG="$([ "$TAG_SUFFIX" ] && echo $TAG_SUFFIX | sed -E -e 's/^-//' || echo latest)" - [ "$TAGS" == "master" ] && IMAGE_TAGS="$LATEST_TAG" || IMAGE_TAGS="$LATEST_TAG $TAGS" - TAG_OPTS= - printf 'Pushing image tags: ' - for TAG in $IMAGE_TAGS; do - [ "$TAG" = "$LATEST_TAG" ] || TAG="${TAG}${TAG_SUFFIX}" - TAG_OPTS="$TAG_OPTS -t $DOCKERHUB_IMAGE_REPO:$TAG -t $GITHUB_IMAGE_REPO:$TAG" - printf ' %s' "$TAG" - done - echo - echo "Pushing $IMAGE image to $DOCKERHUB_IMAGE_REPO and $GITHUB_IMAGE_REPO" - make "$IMAGE" PODMAN_BUILD_OPTS="$TAG_OPTS" PODMAN_MINIMAL_BUILD_OPTS="$TAG_OPTS" PODMAN_REMOTE_BUILD_OPTS="$TAG_OPTS" - done - env: - BUILDX_OUTPUT: type=registry - PLATFORM: linux/arm64/v8,linux/amd64 - GITHUB_REF: ${{ github.ref }} - - - name: Create release - if: github.ref != 'refs/heads/master' 
- id: create_release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: ${{ github.ref }} - release_name: ${{ github.ref }} - draft: false - prerelease: true - - - name: Upload arm64 archive signature - if: github.ref != 'refs/heads/master' - id: upload-arm64-archive-signature - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps - asset_path: ./build/asset/podman-linux-arm64.tar.gz.asc - asset_name: podman-linux-arm64.tar.gz.asc - asset_content_type: application/octet-stream - - - name: Upload arm64 archive - if: github.ref != 'refs/heads/master' - id: upload-arm64-archive - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps - asset_path: ./build/asset/podman-linux-arm64.tar.gz - asset_name: podman-linux-arm64.tar.gz - asset_content_type: application/octet-stream - - - name: Upload amd64 archive signature - if: github.ref != 'refs/heads/master' - id: upload-amd64-archive-signature - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. 
See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps - asset_path: ./build/asset/podman-linux-amd64.tar.gz.asc - asset_name: podman-linux-amd64.tar.gz.asc - asset_content_type: application/octet-stream - - - name: Upload amd64 archive - if: github.ref != 'refs/heads/master' - id: upload-amd64-archive - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps - asset_path: ./build/asset/podman-linux-amd64.tar.gz - asset_name: podman-linux-amd64.tar.gz - asset_content_type: application/octet-stream - + From 9029a91f7856971f3156c4c2c230d409c836d85f Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sun, 13 Aug 2023 19:17:49 -0500 Subject: [PATCH 03/92] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 493fbee..ae918e9 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,8 @@ This project provides alpine-based podman container images and statically linked * [CNI plugins](https://github.com/containernetworking/plugins): loopback, bridge, host-local, portmap, firewall, tuning * [catatonit](https://github.com/openSUSE/catatonit) +(note that CNI may be replaced -- also be familiar with [Podman Networking Docs](https://docs.podman.io/en/latest/markdown/podman-network.1.html)) + ## Container image The following image tags are supported: From 2de5e4bfdc7b02c5088ce3c1a69b41ec9cedf3de Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sun, 13 Aug 2023 20:26:14 -0500 Subject: [PATCH 04/92] Update README --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/README.md b/README.md index ae918e9..64a0b4b 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ Please note that, when running non-remote podman within a docker container, the Run podman in docker: ```sh -docker run --privileged -u podman:podman mgoltzsche/podman:minimal docker run alpine:latest echo hello from nested container +docker run --privileged -u podman:podman trentapple/podman:minimal docker run alpine:latest echo hello from nested container ``` _Within the container `docker` is linked to `podman` to support applications that use the `docker` command._ @@ -40,12 +40,12 @@ _In case you're using an arm64 machine (e.g. a Raspberry Pi), you need to substi Download the statically linked binaries of podman and its dependencies: ```sh -curl -fsSL -o podman-linux-amd64.tar.gz https://github.com/mgoltzsche/podman-static/releases/latest/download/podman-linux-amd64.tar.gz +curl -fsSL -o podman-linux-amd64.tar.gz https://github.com/trentapple/podman-static/releases/latest/download/podman-linux-amd64.tar.gz ``` Verify the archive's signature (optional): ```sh -curl -fsSL -o podman-linux-amd64.tar.gz.asc https://github.com/mgoltzsche/podman-static/releases/latest/download/podman-linux-amd64.tar.gz.asc +curl -fsSL -o podman-linux-amd64.tar.gz.asc https://github.com/trentapple/podman-static/releases/latest/download/podman-linux-amd64.tar.gz.asc gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 0CCF102C4F95D89E583FF1D4F8B5AF50344BB503 gpg --batch --verify podman-linux-amd64.tar.gz.asc podman-linux-amd64.tar.gz ``` 
@@ -54,7 +54,7 @@ _This may fail every now and then due to desync/unavailable key servers. In that Download a specific version: ```sh VERSION= -curl -fsSL -o podman-linux-amd64.tar.gz https://github.com/mgoltzsche/podman-static/releases/download/$VERSION/podman-linux-amd64.tar.gz +curl -fsSL -o podman-linux-amd64.tar.gz https://github.com/trentapple/podman-static/releases/download/$VERSION/podman-linux-amd64.tar.gz ``` Install the binaries and configuration on your host after you've inspected the archive: From b33390159f83690a6fdff564116a0ab7d9d65337 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sun, 13 Aug 2023 21:38:31 -0500 Subject: [PATCH 05/92] Delete release.yml --- .github/workflows/release.yml | 40 ----------------------------------- 1 file changed, 40 deletions(-) delete mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index afcdf2f..0000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: Release - -on: - push: - # Publish `master` as Docker `latest` image. - branches: - - master - - # Publish `v1.2.3` tags as releases. - tags: - - v* - -env: - PODMAN_IMAGE: podman - PODMAN_MINIMAL_IMAGE: podman-minimal - PODMAN_REMOTE_IMAGE: podman-remote - -jobs: - push: - runs-on: ubuntu-latest - if: github.event_name == 'push' - - steps: - - name: Check out code - uses: actions/checkout@v2 - - - name: Set up qemu - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - - name: Build & test - run: make images test - - - name: Build signed archives - run: make clean multiarch-tar TAR_TARGET=signed-tar - env: - GPG_SIGN_KEY: ${{ secrets.GPG_SIGN_KEY }} - GPG_SIGN_KEY_PASSPHRASE: ${{ secrets.GPG_SIGN_KEY_PASSPHRASE }} - From a6ae1c6b99da0f1df192b2d9cc099b870a6d15fc Mon Sep 17 00:00:00 2001 
From: Trent Apple Date: Sun, 13 Aug 2023 21:38:57 -0500 Subject: [PATCH 06/92] Create release.yml --- .github/workflows/release.yml | 40 +++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..afcdf2f --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,40 @@ +name: Release + +on: + push: + # Publish `master` as Docker `latest` image. + branches: + - master + + # Publish `v1.2.3` tags as releases. + tags: + - v* + +env: + PODMAN_IMAGE: podman + PODMAN_MINIMAL_IMAGE: podman-minimal + PODMAN_REMOTE_IMAGE: podman-remote + +jobs: + push: + runs-on: ubuntu-latest + if: github.event_name == 'push' + + steps: + - name: Check out code + uses: actions/checkout@v2 + + - name: Set up qemu + uses: docker/setup-qemu-action@v1 + with: + platforms: all + + - name: Build & test + run: make images test + + - name: Build signed archives + run: make clean multiarch-tar TAR_TARGET=signed-tar + env: + GPG_SIGN_KEY: ${{ secrets.GPG_SIGN_KEY }} + GPG_SIGN_KEY_PASSPHRASE: ${{ secrets.GPG_SIGN_KEY_PASSPHRASE }} + From d9b275091025e74df246125cc55822c42894e64a Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sun, 13 Aug 2023 22:23:55 -0500 Subject: [PATCH 07/92] Update Makefile --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 8570b79..7c565d0 100644 --- a/Makefile +++ b/Makefile 
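Review bot: `actions/checkout@v2` and `docker/setup-qemu-action@v1` are referenced by mutable tags in the same job that later passes `GPG_SIGN_KEY` and `GPG_SIGN_KEY_PASSPHRASE` to `make`, so whatever those tags resolve to at run time executes on the runner before the signing step. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@FULL_COMMIT_SHA  # v2` (FULL_COMMIT_SHA is a placeholder; take the value from the action's release). The same applies to the tag-referenced actions added by the later release.yml and push.yml hunks in this series (`actions/create-release@v1`, `actions/upload-release-asset@v1`, `actions/upload-artifact@v2.1.1`, `actions/download-artifact@v2.1.1`).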
@@ -1,9 +1,9 @@ -PODMAN_IMAGE_NAME ?= mgoltzsche/podman +PODMAN_IMAGE_NAME ?= trentapple/podman PODMAN_IMAGE ?= $(PODMAN_IMAGE_NAME):latest PODMAN_IMAGE_TARGET ?= podmanall PODMAN_MINIMAL_IMAGE ?= $(PODMAN_IMAGE)-minimal PODMAN_REMOTE_IMAGE ?= $(PODMAN_IMAGE)-remote -PODMAN_SSH_IMAGE ?= mgoltzsche/podman-ssh +PODMAN_SSH_IMAGE ?= trentapple/podman-ssh PODMAN_BUILD_OPTS ?= -t $(PODMAN_IMAGE) PODMAN_MINIMAL_BUILD_OPTS ?= -t $(PODMAN_MINIMAL_IMAGE) PODMAN_REMOTE_BUILD_OPTS ?= -t $(PODMAN_REMOTE_IMAGE) From 986ed0c688b9045a0376c8d9c26c69c59b3cd6c0 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sun, 13 Aug 2023 22:24:21 -0500 Subject: [PATCH 08/92] Update remote.bats --- test/remote.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/remote.bats b/test/remote.bats index c9d8add..76ad9ed 100644 --- a/test/remote.bats +++ b/test/remote.bats @@ -1,8 +1,8 @@ #!/usr/bin/env bats : ${DOCKER:=docker} -: ${PODMAN_IMAGE:=mgoltzsche/podman:latest} -: ${PODMAN_REMOTE_IMAGE:=mgoltzsche/podman:latest-remote} +: ${PODMAN_IMAGE:=trentapple/podman:latest} +: ${PODMAN_REMOTE_IMAGE:=trentapple/podman:latest-remote} PODMAN_ADDRESS=127.0.0.1:53453 PODMAN_CONTAINER=podman-test-server From 1011454aa57be8d8d873dc5bb7cf084a0c7a0669 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sun, 13 Aug 2023 22:24:36 -0500 Subject: [PATCH 09/92] Update rootless.bats --- test/rootless.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/rootless.bats b/test/rootless.bats index f70eaab..ac03e19 100644 --- a/test/rootless.bats +++ b/test/rootless.bats @@ -1,7 +1,7 @@ #!/usr/bin/env bats : ${DOCKER:=docker} -: ${PODMAN_IMAGE:=mgoltzsche/podman:latest} +: ${PODMAN_IMAGE:=trentapple/podman:latest} : ${TEST_PREFIX:=rootless} PODMAN_ROOT_DATA_DIR="$BATS_TEST_DIRNAME/../build/test-storage/user" From 15574e81435a69d15b84f084404b5585040cdfa4 Mon Sep 17 00:00:00 2001 
From: Trent Apple Date: Sun, 13 Aug 2023 22:24:49 -0500 Subject: [PATCH 10/92] Update rootful.bats --- test/rootful.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/rootful.bats b/test/rootful.bats index be47bd7..e80c3b9 100644 --- a/test/rootful.bats +++ b/test/rootful.bats @@ -1,7 +1,7 @@ #!/usr/bin/env bats : ${DOCKER:=docker} -: ${PODMAN_IMAGE:=mgoltzsche/podman:latest} +: ${PODMAN_IMAGE:=trentapple/podman:latest} PODMAN_ROOT_DATA_DIR="$BATS_TEST_DIRNAME/../build/test-storage/root" From 96c9ae43a188192802a62da0260e980f055c0c0c Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sun, 13 Aug 2023 22:28:42 -0500 Subject: [PATCH 11/92] Update Makefile --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 7c565d0..5ec62f3 100644 --- a/Makefile +++ b/Makefile @@ -32,7 +32,8 @@ BUILDX_OPTS ?= --builder=$(BUILDX_BUILDER) --output=$(BUILDX_OUTPUT) --platform= ASSET_NAME := podman-linux-$(ARCH) ASSET_DIR := $(BUILD_DIR)/asset/$(ASSET_NAME) -images: podman podman-remote podman-minimal +#images: podman podman-remote podman-minimal +images: podman-minimal multiarch-tar multiarch-images: PLATFORM = linux/arm64/v8,linux/amd64 multiarch-tar: BUILDX_OUTPUT = type=local,dest=$(IMAGE_EXPORT_DIR) From 117edfdc21ca3ad0af414c5a0da3923919c89559 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sun, 13 Aug 2023 23:46:06 -0500 Subject: [PATCH 12/92] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 64a0b4b..0f9d742 100644 --- a/README.md +++ b/README.md 
@@ -9,7 +9,7 @@ This project provides alpine-based podman container images and statically linked * [CNI plugins](https://github.com/containernetworking/plugins): loopback, bridge, host-local, portmap, firewall, tuning * [catatonit](https://github.com/openSUSE/catatonit) -(note that CNI may be replaced -- also be familiar with [Podman Networking Docs](https://docs.podman.io/en/latest/markdown/podman-network.1.html)) +(note that CNI may be replaced. See also: [Podman Networking Docs](https://docs.podman.io/en/latest/markdown/podman-network.1.html)) ## Container image From 48ed1d14f11189dd259e7a483e22bbb43dc7a489 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sun, 13 Aug 2023 23:46:43 -0500 Subject: [PATCH 13/92] Update release.yml --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index afcdf2f..b8a3241 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,7 +4,7 @@ on: push: # Publish `master` as Docker `latest` image. branches: - - master + - main # Publish `v1.2.3` tags as releases. tags: From 6efb2d13656ed71cdaf89139c4ba9c111fabd866 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sun, 13 Aug 2023 23:48:40 -0500 Subject: [PATCH 14/92] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0f9d742..e11870a 100644 --- a/README.md +++ b/README.md 
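Review bot: The comment directly above the changed branch entry in release.yml still says that `master` is published as the Docker `latest` image, while the trigger now lists `main`. Update the comment in the same commit so it names `main`. Otherwise the file documents a branch that no longer triggers the workflow.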
@@ -9,7 +9,7 @@ This project provides alpine-based podman container images and statically linked * [CNI plugins](https://github.com/containernetworking/plugins): loopback, bridge, host-local, portmap, firewall, tuning * [catatonit](https://github.com/openSUSE/catatonit) -(note that CNI may be replaced. See also: [Podman Networking Docs](https://docs.podman.io/en/latest/markdown/podman-network.1.html)) +CNI may be replaced. See also: [Podman Networking Docs](https://docs.podman.io/en/latest/markdown/podman-network.1.html) ## Container image From ff6a69f3fe3d7d46c3a4b8133aafae71367865c0 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Mon, 14 Aug 2023 19:30:21 -0500 Subject: [PATCH 15/92] Update release.yml --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b8a3241..8f04dce 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,9 +11,9 @@ on: - v* env: - PODMAN_IMAGE: podman + #PODMAN_IMAGE: podman PODMAN_MINIMAL_IMAGE: podman-minimal - PODMAN_REMOTE_IMAGE: podman-remote + #PODMAN_REMOTE_IMAGE: podman-remote jobs: push: From 6bbc3b61ce1b8297f342fd202acd23cc50df5727 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Mon, 14 Aug 2023 19:35:37 -0500 Subject: [PATCH 16/92] Update release.yml --- .github/workflows/release.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8f04dce..f71d7f8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,7 +30,8 @@ jobs: platforms: all - name: Build & test - run: make images test + run: make images + #run: make images test - name: Build signed archives run: make clean multiarch-tar TAR_TARGET=signed-tar From 01ae8d3d9e05b822f6e87861e181a705eebbd974 Mon Sep 17 00:00:00 2001 
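Review bot: The step is still named `Build & test` but now runs only `make images`, and the next step in the job builds the GPG-signed archives, so archives are signed without the test target having run. If the tests are skipped temporarily, rename the step to `Build` and say why in a comment, e.g. `# tests disabled until REASON; re-enable 'make images test'` (REASON is a placeholder). Otherwise restore `run: make images test`. The commented-out `#run: make images test` line is better deleted than kept, since the history already records it.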
From: Trent Apple Date: Mon, 14 Aug 2023 20:38:14 -0500 Subject: [PATCH 17/92] Update Dockerfile with input label --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index af449a4..809a001 100644 --- a/Dockerfile +++ b/Dockerfile @@ -137,7 +137,7 @@ RUN set -ex; \ # Build podman base image FROM alpine:3.18 AS podmanbase -LABEL maintainer="Max Goltzsche " +LABEL maintainer="${{ secrets.maintainer_publisher }}" RUN apk add --no-cache tzdata ca-certificates COPY --from=conmon /conmon/bin/conmon /usr/local/lib/podman/conmon COPY --from=podman /usr/local/lib/podman/rootlessport /usr/local/lib/podman/rootlessport From 8c5f339e22becf1355d071764ba4d638caabd743 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Mon, 14 Aug 2023 20:39:20 -0500 Subject: [PATCH 18/92] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 809a001..7fe1a21 100644 --- a/Dockerfile +++ b/Dockerfile @@ -137,7 +137,7 @@ RUN set -ex; \ # Build podman base image FROM alpine:3.18 AS podmanbase -LABEL maintainer="${{ secrets.maintainer_publisher }}" +LABEL maintainer=${{ secrets.maintainer_publisher }} RUN apk add --no-cache tzdata ca-certificates COPY --from=conmon /conmon/bin/conmon /usr/local/lib/podman/conmon COPY --from=podman /usr/local/lib/podman/rootlessport /usr/local/lib/podman/rootlessport From 09e5f80bce8922aa87ee57b25b87c5009e43c30f Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Mon, 14 Aug 2023 22:39:54 -0500 Subject: [PATCH 19/92] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7fe1a21..48c36d7 100644 --- a/Dockerfile +++ b/Dockerfile 
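Review bot: `${{ secrets.maintainer_publisher }}` is GitHub Actions expression syntax, which is only evaluated inside workflow files, so in the Dockerfile's `LABEL maintainer=` line it is never replaced by the secret. The next commit's hunk, which only drops the quotes, has the same problem. An image label is also public metadata (readable with `docker inspect` and from the registry), so its value should not come from a secret in the first place. If the maintainer must be configurable, declare a build argument in this stage and pass it with `--build-arg`: `ARG MAINTAINER=""` followed by `LABEL maintainer="${MAINTAINER}"`.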
@@ -137,7 +137,7 @@ RUN set -ex; \ # Build podman base image FROM alpine:3.18 AS podmanbase -LABEL maintainer=${{ secrets.maintainer_publisher }} +LABEL maintainer="" RUN apk add --no-cache tzdata ca-certificates COPY --from=conmon /conmon/bin/conmon /usr/local/lib/podman/conmon COPY --from=podman /usr/local/lib/podman/rootlessport /usr/local/lib/podman/rootlessport From eec182ab6f8709bba245418a723a8b4f5154df3c Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Mon, 14 Aug 2023 23:33:01 -0500 Subject: [PATCH 20/92] Update Makefile --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 5ec62f3..8b2bb81 100644 --- a/Makefile +++ b/Makefile @@ -32,8 +32,8 @@ BUILDX_OPTS ?= --builder=$(BUILDX_BUILDER) --output=$(BUILDX_OUTPUT) --platform= ASSET_NAME := podman-linux-$(ARCH) ASSET_DIR := $(BUILD_DIR)/asset/$(ASSET_NAME) -#images: podman podman-remote podman-minimal -images: podman-minimal +images: podman podman-remote podman-minimal +#images: podman-minimal multiarch-tar multiarch-images: PLATFORM = linux/arm64/v8,linux/amd64 multiarch-tar: BUILDX_OUTPUT = type=local,dest=$(IMAGE_EXPORT_DIR) From 0290d332b0c53d424b8b01e62d4c540475eb2849 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Tue, 15 Aug 2023 02:03:57 -0500 Subject: [PATCH 21/92] Update release.yml --- .github/workflows/release.yml | 29 ++--------------------------- 1 file changed, 2 insertions(+), 27 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f71d7f8..a12192f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -10,32 +10,7 @@ on: tags: - v* -env: - #PODMAN_IMAGE: podman - PODMAN_MINIMAL_IMAGE: podman-minimal - #PODMAN_REMOTE_IMAGE: podman-remote - jobs: push: - runs-on: ubuntu-latest - if: github.event_name == 'push' - - steps: - - name: Check out code - uses: actions/checkout@v2 - - - name: Set up qemu - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - - name: Build & test - run: make images - #run: make images test - - - name: Build signed archives - run: make clean multiarch-tar TAR_TARGET=signed-tar - env: - GPG_SIGN_KEY: ${{ secrets.GPG_SIGN_KEY }} - GPG_SIGN_KEY_PASSPHRASE: ${{ secrets.GPG_SIGN_KEY_PASSPHRASE }} - + - name: Download a Build Artifact + uses: actions/download-artifact@v2.1.1 From b0401c1ebcce6dac5931bf47a268205fe0c496e1 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Tue, 15 Aug 2023 02:26:33 -0500 Subject: [PATCH 22/92] Update release.yml --- .github/workflows/release.yml | 143 +++++++++++++++++++++++++++++++++- 1 file changed, 139 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a12192f..29722bf 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,7 +2,7 @@ name: Release on: push: - # Publish `master` as Docker `latest` image. + # Publish `main` as Docker `latest` image. branches: - main 
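Review bot: After this change the `push` job has neither `runs-on` nor a `steps:` key: both are on removed lines, and the two added lines put `- name:` and `uses:` directly under the job, so the workflow should fail validation (indentation is lost in this view, so the exact nesting is inferred). `actions/download-artifact@v2.1.1` also only retrieves artifacts uploaded earlier in the same workflow run, and nothing in the file uploads one any more. Keep `runs-on: ubuntu-latest`, nest the step under `steps:`, and keep the build and upload steps in the same run as the download.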
@@ -10,7 +10,142 @@ on: tags: - v* +env: + PODMAN_IMAGE: podman + PODMAN_MINIMAL_IMAGE: podman-minimal + PODMAN_REMOTE_IMAGE: podman-remote + jobs: - push: - - name: Download a Build Artifact - uses: actions/download-artifact@v2.1.1 + push: + runs-on: ubuntu-latest +# if: github.event_name == 'push' + + steps: + - name: Check out code + uses: actions/checkout@v2 + + - name: Set up qemu + uses: docker/setup-qemu-action@v1 + with: + platforms: all + + - name: Build & test + run: make images + #run: make images test + + - name: Build signed archives + run: make clean multiarch-tar TAR_TARGET=signed-tar + env: + GPG_SIGN_KEY: ${{ secrets.GPG_SIGN_KEY }} + GPG_SIGN_KEY_PASSPHRASE: ${{ secrets.GPG_SIGN_KEY_PASSPHRASE }} + + - name: Upload a Build Artifact archive amd64 + uses: actions/upload-artifact@v2.1.1 + with: + path: ./build/asset/podman-linux-amd64.tar.gz + name: podman-linux-amd64.tar.gz + + - name: Upload a Build Artifact signature amd64 + uses: actions/upload-artifact@v2.1.1 + with: + path: ./build/asset/podman-linux-amd64.tar.gz.asc + name: podman-linux-amd64.tar.gz.asc + + - name: Log into GitHub registry + run: echo "$GITHUB_TOKEN" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + env: + GITHUB_TOKEN: ${{ github.token }} + + - name: Push images + run: | + set -eu + + GITHUB_IMAGE_REPO=ghcr.io/trentapple/podman-static + GITHUB_IMAGE_REPO=$(echo $GITHUB_IMAGE_REPO | tr '[A-Z]' '[a-z]') + + # Strip git ref prefix from version + TAGS=$(echo "$GITHUB_REF" | sed -e 's,.*/\(.*\),\1,') + # Strip "v" prefix from tag name + [[ "$GITHUB_REF" == "refs/tags/v"* ]] && TAGS=$(echo $TAGS | sed -e 's/^v//') + # Expand tags: 1.2.3 -> 1 1.2 1.2.3 + TAGS="$(echo "$TAGS" | sed -E -e 's/^((([0-9]+)\.[0-9]+)\.[0-9]+)$/\3 \2 \1/')" + + for IMAGE in $PODMAN_REMOTE_IMAGE $PODMAN_IMAGE $PODMAN_MINIMAL_IMAGE; do + TAG_SUFFIX=$(echo $IMAGE | sed -E -e 's/^([^-]+)//') + LATEST_TAG="$([ "$TAG_SUFFIX" ] && echo $TAG_SUFFIX | sed -E -e 's/^-//' || echo latest)" + [ "$TAGS" == 
"main" ] && IMAGE_TAGS="$LATEST_TAG" || IMAGE_TAGS="$LATEST_TAG $TAGS" + TAG_OPTS= + printf 'Pushing image tags: ' + for TAG in $IMAGE_TAGS; do + [ "$TAG" = "$LATEST_TAG" ] || TAG="${TAG}${TAG_SUFFIX}" + TAG_OPTS="$TAG_OPTS -t $GITHUB_IMAGE_REPO:$TAG" + printf ' %s' "$TAG" + done + echo + echo "Pushing $IMAGE image $GITHUB_IMAGE_REPO" + make "$IMAGE" PODMAN_BUILD_OPTS="$TAG_OPTS" PODMAN_MINIMAL_BUILD_OPTS="$TAG_OPTS" PODMAN_REMOTE_BUILD_OPTS="$TAG_OPTS" + done + env: + BUILDX_OUTPUT: type=registry + PLATFORM: linux/arm64/v8,linux/amd64 + GITHUB_REF: ${{ github.ref }} + + - name: Create release + if: github.ref != 'refs/heads/main' + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: ${{ github.ref }} + release_name: ${{ github.ref }} + draft: false + prerelease: true + + - name: Upload arm64 archive signature + if: github.ref != 'refs/heads/main' + id: upload-arm64-archive-signature + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: ./build/asset/podman-linux-arm64.tar.gz.asc + asset_name: podman-linux-arm64.tar.gz.asc + asset_content_type: application/octet-stream + + - name: Upload arm64 archive + if: github.ref != 'refs/heads/main' + id: upload-arm64-archive + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. 
See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: ./build/asset/podman-linux-arm64.tar.gz + asset_name: podman-linux-arm64.tar.gz + asset_content_type: application/octet-stream + + - name: Upload amd64 archive signature + if: github.ref != 'refs/heads/main' + id: upload-amd64-archive-signature + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: ./build/asset/podman-linux-amd64.tar.gz.asc + asset_name: podman-linux-amd64.tar.gz.asc + asset_content_type: application/octet-stream + + - name: Upload amd64 archive + if: github.ref != 'refs/heads/main' + id: upload-amd64-archive + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: ./build/asset/podman-linux-amd64.tar.gz + asset_name: podman-linux-amd64.tar.gz + asset_content_type: application/octet-stream From 8fbff41fc1d5514640c8edeece7d77a029e6d29f Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Tue, 15 Aug 2023 16:32:01 -0500 Subject: [PATCH 23/92] action refactor --- .github/workflows/push.yml | 141 ++++++++++++++++++++++++++++++++++ .github/workflows/release.yml | 105 +++---------------------- 2 files changed, 150 insertions(+), 96 deletions(-) create mode 100644 .github/workflows/push.yml 
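Review bot: The workflow declares no `permissions:` block, so the token used by the `docker login ghcr.io`, `actions/create-release@v1` and `actions/upload-release-asset@v1` steps gets whatever default scope the repository is configured with. Declare the needed scopes on the job, `permissions:` with `contents: write` and `packages: write`, so every other scope is dropped. In the `Log into GitHub registry` step, `${{ github.actor }}` is expanded into the script text before the shell runs; passing the value through the environment and quoting it, `docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin`, keeps expression output out of the command line.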
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml new file mode 100644 index 0000000..e770623 --- /dev/null +++ b/.github/workflows/push.yml 
@@ -0,0 +1,141 @@ +name: Push + +on: + workflow_dispatch: + inputs: + job-id: + description: 'The job ID to depend on' + required: true + +env: + PODMAN_IMAGE: podman + PODMAN_MINIMAL_IMAGE: podman-minimal + PODMAN_REMOTE_IMAGE: podman-remote + +jobs: + push: + runs-on: ubuntu-latest + steps: + - name: Download a Build Artifact archive amd64 + uses: actions/download-artifact@v2.1.1 + with: + path: ./build/asset/podman-linux-amd64.tar.gz + name: podman-linux-amd64.tar.gz + + - name: Download a Build Artifact signature amd64 + uses: actions/upload-artifact@v2.1.1 + with: + path: ./build/asset/podman-linux-amd64.tar.gz.asc + name: podman-linux-amd64.tar.gz.asc + + - name: Download a Build Artifact archive aarch64 + uses: actions/download-artifact@v2.1.1 + with: + path: ./build/asset/podman-linux-arm64.tar.gz + name: podman-linux-arm64.tar.gz + + - name: Download a Build Artifact signature aarch64 + uses: actions/download-artifact@v2.1.1 + with: + path: ./build/asset/podman-linux-arm64.tar.gz.asc + name: podman-linux-arm64.tar.gz.asc + + + - name: Log into GitHub registry + run: echo "$GITHUB_TOKEN" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + env: + GITHUB_TOKEN: ${{ github.token }} + + - name: Push images + run: | + set -eu + + GITHUB_IMAGE_REPO=ghcr.io/trentapple/podman-static + GITHUB_IMAGE_REPO=$(echo $GITHUB_IMAGE_REPO | tr '[A-Z]' '[a-z]') + + # Strip git ref prefix from version + TAGS=$(echo "$GITHUB_REF" | sed -e 's,.*/\(.*\),\1,') + # Strip "v" prefix from tag name + [[ "$GITHUB_REF" == "refs/tags/v"* ]] && TAGS=$(echo $TAGS | sed -e 's/^v//') + # Expand tags: 1.2.3 -> 1 1.2 1.2.3 + TAGS="$(echo "$TAGS" | sed -E -e 's/^((([0-9]+)\.[0-9]+)\.[0-9]+)$/\3 \2 \1/')" + + for IMAGE in $PODMAN_REMOTE_IMAGE $PODMAN_IMAGE $PODMAN_MINIMAL_IMAGE; do + TAG_SUFFIX=$(echo $IMAGE | sed -E -e 's/^([^-]+)//') + LATEST_TAG="$([ "$TAG_SUFFIX" ] && echo $TAG_SUFFIX | sed -E -e 's/^-//' || echo latest)" + [ "$TAGS" == "main" ] && IMAGE_TAGS="$LATEST_TAG" || 
IMAGE_TAGS="$LATEST_TAG $TAGS" + TAG_OPTS= + printf 'Pushing image tags: ' + for TAG in $IMAGE_TAGS; do + [ "$TAG" = "$LATEST_TAG" ] || TAG="${TAG}${TAG_SUFFIX}" + TAG_OPTS="$TAG_OPTS -t $GITHUB_IMAGE_REPO:$TAG" + printf ' %s' "$TAG" + done + echo + echo "Pushing $IMAGE image $GITHUB_IMAGE_REPO" + make "$IMAGE" PODMAN_BUILD_OPTS="$TAG_OPTS" PODMAN_MINIMAL_BUILD_OPTS="$TAG_OPTS" PODMAN_REMOTE_BUILD_OPTS="$TAG_OPTS" + done + env: + BUILDX_OUTPUT: type=registry + PLATFORM: linux/arm64/v8,linux/amd64 + GITHUB_REF: ${{ github.ref }} + + - name: Create release + if: github.ref != 'refs/heads/main' + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: ${{ github.ref }} + release_name: ${{ github.ref }} + draft: false + prerelease: true + + - name: Upload arm64 archive signature + if: github.ref != 'refs/heads/main' + id: upload-arm64-archive-signature + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: ./build/asset/podman-linux-arm64.tar.gz.asc + asset_name: podman-linux-arm64.tar.gz.asc + asset_content_type: application/octet-stream + + - name: Upload arm64 archive + if: github.ref != 'refs/heads/main' + id: upload-arm64-archive + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. 
See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: ./build/asset/podman-linux-arm64.tar.gz + asset_name: podman-linux-arm64.tar.gz + asset_content_type: application/octet-stream + + - name: Upload amd64 archive signature + if: github.ref != 'refs/heads/main' + id: upload-amd64-archive-signature + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: ./build/asset/podman-linux-amd64.tar.gz.asc + asset_name: podman-linux-amd64.tar.gz.asc + asset_content_type: application/octet-stream + + - name: Upload amd64 archive + if: github.ref != 'refs/heads/main' + id: upload-amd64-archive + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: ./build/asset/podman-linux-amd64.tar.gz + asset_name: podman-linux-amd64.tar.gz + asset_content_type: application/octet-stream diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 29722bf..8aaafd2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ env: PODMAN_REMOTE_IMAGE: podman-remote jobs: - push: + push: runs-on: ubuntu-latest # if: github.event_name == 'push' 
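Review bot: The step named `Download a Build Artifact signature amd64` uses `actions/upload-artifact@v2.1.1`, so the amd64 `.asc` is never downloaded before `Upload amd64 archive signature` tries to attach it; it should read `uses: actions/download-artifact@v2.1.1`. At this version `actions/download-artifact` only sees artifacts from the current run, so a separate `workflow_dispatch` run cannot retrieve what release.yml uploaded, and the `job-id` input is declared but never referenced. The job also has no checkout step, although `Push images` calls `make "$IMAGE"`, which needs the repository's Makefile. Whatever mechanism ends up transferring the archives between workflows, the release steps should check each `.tar.gz` against its `.asc` before publishing.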
@@ -51,101 +51,14 @@ jobs: path: ./build/asset/podman-linux-amd64.tar.gz.asc name: podman-linux-amd64.tar.gz.asc - - name: Log into GitHub registry - run: echo "$GITHUB_TOKEN" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - env: - GITHUB_TOKEN: ${{ github.token }} - - - name: Push images - run: | - set -eu - - GITHUB_IMAGE_REPO=ghcr.io/trentapple/podman-static - GITHUB_IMAGE_REPO=$(echo $GITHUB_IMAGE_REPO | tr '[A-Z]' '[a-z]') - - # Strip git ref prefix from version - TAGS=$(echo "$GITHUB_REF" | sed -e 's,.*/\(.*\),\1,') - # Strip "v" prefix from tag name - [[ "$GITHUB_REF" == "refs/tags/v"* ]] && TAGS=$(echo $TAGS | sed -e 's/^v//') - # Expand tags: 1.2.3 -> 1 1.2 1.2.3 - TAGS="$(echo "$TAGS" | sed -E -e 's/^((([0-9]+)\.[0-9]+)\.[0-9]+)$/\3 \2 \1/')" - - for IMAGE in $PODMAN_REMOTE_IMAGE $PODMAN_IMAGE $PODMAN_MINIMAL_IMAGE; do - TAG_SUFFIX=$(echo $IMAGE | sed -E -e 's/^([^-]+)//') - LATEST_TAG="$([ "$TAG_SUFFIX" ] && echo $TAG_SUFFIX | sed -E -e 's/^-//' || echo latest)" - [ "$TAGS" == "main" ] && IMAGE_TAGS="$LATEST_TAG" || IMAGE_TAGS="$LATEST_TAG $TAGS" - TAG_OPTS= - printf 'Pushing image tags: ' - for TAG in $IMAGE_TAGS; do - [ "$TAG" = "$LATEST_TAG" ] || TAG="${TAG}${TAG_SUFFIX}" - TAG_OPTS="$TAG_OPTS -t $GITHUB_IMAGE_REPO:$TAG" - printf ' %s' "$TAG" - done - echo - echo "Pushing $IMAGE image $GITHUB_IMAGE_REPO" - make "$IMAGE" PODMAN_BUILD_OPTS="$TAG_OPTS" PODMAN_MINIMAL_BUILD_OPTS="$TAG_OPTS" PODMAN_REMOTE_BUILD_OPTS="$TAG_OPTS" - done - env: - BUILDX_OUTPUT: type=registry - PLATFORM: linux/arm64/v8,linux/amd64 - GITHUB_REF: ${{ github.ref }} - - - name: Create release - if: github.ref != 'refs/heads/main' - id: create_release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: ${{ github.ref }} - release_name: ${{ github.ref }} - draft: false - prerelease: true - - - name: Upload arm64 archive signature - if: github.ref != 'refs/heads/main' - id: upload-arm64-archive-signature - uses: 
actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps - asset_path: ./build/asset/podman-linux-arm64.tar.gz.asc - asset_name: podman-linux-arm64.tar.gz.asc - asset_content_type: application/octet-stream - - - name: Upload arm64 archive - if: github.ref != 'refs/heads/main' - id: upload-arm64-archive - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps - asset_path: ./build/asset/podman-linux-arm64.tar.gz - asset_name: podman-linux-arm64.tar.gz - asset_content_type: application/octet-stream - - - name: Upload amd64 archive signature - if: github.ref != 'refs/heads/main' - id: upload-amd64-archive-signature - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Upload a Build Artifact archive aarch64 + uses: actions/upload-artifact@v2.1.1 with: - upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. 
See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps - asset_path: ./build/asset/podman-linux-amd64.tar.gz.asc - asset_name: podman-linux-amd64.tar.gz.asc - asset_content_type: application/octet-stream + path: ./build/asset/podman-linux-arm64.tar.gz + name: podman-linux-arm64.tar.gz - - name: Upload amd64 archive - if: github.ref != 'refs/heads/main' - id: upload-amd64-archive - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Upload a Build Artifact signature aarch64 + uses: actions/upload-artifact@v2.1.1 with: - upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps - asset_path: ./build/asset/podman-linux-amd64.tar.gz - asset_name: podman-linux-amd64.tar.gz - asset_content_type: application/octet-stream + path: ./build/asset/podman-linux-arm64.tar.gz.asc + name: podman-linux-arm64.tar.gz.asc From 0b8f2e1882a1d1c65314ecb423bb5415095b8365 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Tue, 15 Aug 2023 23:57:53 -0500 Subject: [PATCH 24/92] Update README signing --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e11870a..a039c05 100644 --- a/README.md +++ b/README.md 
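Review bot: The two added steps reference `actions/upload-artifact@v2.1.1` by tag, which can be moved later, so the code that handles the release archive and its `.asc` signature is not fixed by this workflow. Pin the action to the full commit SHA behind that tag and keep the version as a trailing comment, e.g. `uses: actions/upload-artifact@<full-commit-sha> # v2.1.1` (placeholder; look the SHA up from the tag). The amd64 steps in the unchanged context use the same tag. This hunk also removes the steps that attached the archives and signatures to a GitHub release, so check that whichever workflow now publishes them still uploads the `.asc` files next to the archives, because the README's verification commands download the signature from the release.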
@@ -46,7 +46,7 @@ curl -fsSL -o podman-linux-amd64.tar.gz https://github.com/trentapple/podman-sta Verify the archive's signature (optional): ```sh curl -fsSL -o podman-linux-amd64.tar.gz.asc https://github.com/trentapple/podman-static/releases/latest/download/podman-linux-amd64.tar.gz.asc -gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 0CCF102C4F95D89E583FF1D4F8B5AF50344BB503 +gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys C1EAB6D69BC45DCB758A46B9B874F7B61B16FBA6 gpg --batch --verify podman-linux-amd64.tar.gz.asc podman-linux-amd64.tar.gz ``` _This may fail every now and then due to desync/unavailable key servers. In that case please retry._ From 791db48ddb8b6bcc48e5336e3b31f8c6f9e342d4 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Tue, 15 Aug 2023 23:58:50 -0500 Subject: [PATCH 25/92] Update Makefile signature / integrity / security --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 8b2bb81..d226b23 100644 --- a/Makefile +++ b/Makefile @@ -127,7 +127,7 @@ verify-signature: for _ in `seq 1 10`; do \ TMPDIR=$$(mktemp -d); \ export GNUPGHOME=$$TMPDIR; \ - gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 0CCF102C4F95D89E583FF1D4F8B5AF50344BB503 && \ + gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys C1EAB6D69BC45DCB758A46B9B874F7B61B16FBA6 && \ gpg --list-keys && \ gpg --batch --verify $(ASSET_DIR).tar.gz.asc $(ASSET_DIR).tar.gz && \ rm -rf $$TMPDIR && \ 
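Review bot: The signing-key fingerprint on the `--recv-keys` line of `verify-signature` is a literal that this series also edits by hand in README.md, so the two copies can drift apart at the next key rotation. Hoist it into a variable near the top of the Makefile, `SIGN_KEY_FINGERPRINT ?= C1EAB6D69BC45DCB758A46B9B874F7B61B16FBA6`, and use `--recv-keys $(SIGN_KEY_FINGERPRINT)` here, with a comment that it must match the README. In the lines shown, `rm -rf $$TMPDIR` sits at the end of the `&&` chain, so it appears to run only when verification succeeds. The retry loop continues outside the hunk, so confirm the failure path also removes the temporary GNUPGHOME.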
@@ -159,7 +159,7 @@ run-server: podman-ssh sh -c 'set -x; \ ssh-keygen -b 2048 -t rsa -N "" -f /podman/.ssh/ssh_host_rsa_key; \ ssh-keygen -b 521 -t ecdsa -N "" -f /podman/.ssh/ssh_host_ecdsa_key; \ - [ -f /build/storage/user/client_rsa ] || ssh-keygen -b 2048 -t rsa -N "" -f /build/storage/user/client_rsa; \ + [ -f /build/storage/user/client_rsa ] || ssh-keygen -b 4096 -t rsa -N "" -f /build/storage/user/client_rsa; \ cat /build/storage/user/client_rsa.pub > /podman/.ssh/authorized_keys; \ /usr/sbin/sshd -eD -f ~/.ssh/sshd_config & \ mkdir /tmp/podman; \ From 372d33c2c536a4bfb70d0e2d98570591dbff1e93 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Wed, 16 Aug 2023 04:19:39 -0500 Subject: [PATCH 26/92] upd. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 48c36d7..28db9f8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,7 +30,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ # podman (without systemd support) FROM podmanbuildbase AS podman RUN apk add --update --no-cache tzdata curl -ARG PODMAN_VERSION=v4.6.0 +ARG PODMAN_VERSION=v4.6.1 ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp' ARG PODMAN_CGO=1 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman From 263bd816bd728345ef229a541add3312228e5479 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Fri, 18 Aug 2023 15:22:05 -0500 Subject: [PATCH 27/92] Update push.yml (#1) --- .github/workflows/push.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index e770623..a72a6ca 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml 
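Review bot: Only the client key is raised to 4096 bits; the host key two lines above is still created with `ssh-keygen -b 2048 -t rsa`, so the server side of the same setup keeps the size this change moves away from. The `[ -f /build/storage/user/client_rsa ] ||` guard also means a 2048-bit client key left in `build/storage` by an earlier run is reused unchanged. Generate the host key the same way, `ssh-keygen -b 4096 -t rsa -N "" -f /podman/.ssh/ssh_host_rsa_key; \`, and add a comment that an existing `client_rsa` has to be deleted to pick up the new size. The `run-server` recipe starts and ends outside the hunk.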
@@ -15,6 +15,9 @@ env: jobs: push: runs-on: ubuntu-latest + permissions: + deployments: write + packages: write steps: - name: Download a Build Artifact archive amd64 uses: actions/download-artifact@v2.1.1 From a8a710fc0ca8b8d183516b1d7176c8ca7ac4d04e Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Thu, 4 Jan 2024 17:00:48 -0600 Subject: [PATCH 28/92] Enable ed25519 host key in sshd_config --- sshd_config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sshd_config b/sshd_config index f8fc954..2be95ad 100644 --- a/sshd_config +++ b/sshd_config @@ -4,7 +4,7 @@ Port 2222 PidFile /tmp/sshd.pid HostKey /podman/.ssh/ssh_host_rsa_key HostKey /podman/.ssh/ssh_host_ecdsa_key -#HostKey /podman/.ssh/ssh_host_ed25519_key +HostKey /podman/.ssh/ssh_host_ed25519_key AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no PubkeyAuthentication yes From 60202c5aab14f45aa95d443be6433eb2f338563a Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 11:03:15 -0600 Subject: [PATCH 29/92] Evaluate arg opts for latest released versions. --- Dockerfile | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0ef713a..460f2b6 100644 --- a/Dockerfile +++ b/Dockerfile 
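Review bot: The added `permissions:` block grants `deployments: write`, but the part of the job visible here only downloads build artifacts, and `packages: write` already covers pushing images to the registry, so the deployments scope looks unused. A job-level `permissions` block also sets every scope it does not list to `none`, so any step outside this hunk that checks out the repository or creates a release needs `contents: read` or `contents: write` added explicitly. Drop `deployments: write` unless a later step calls the deployments API, and add a short comment such as `# packages: write is needed to push images to ghcr.io`.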
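Review bot: Enabling `HostKey /podman/.ssh/ssh_host_ed25519_key` needs a matching key file, and the `run-server` recipe shown earlier in this series generates only `ssh_host_rsa_key` and `ssh_host_ecdsa_key`. Unless the ed25519 key is created somewhere not shown, sshd will report that it cannot load this host key and keep offering only the RSA and ECDSA keys. Add `ssh-keygen -t ed25519 -N "" -f /podman/.ssh/ssh_host_ed25519_key; \` next to the other two `ssh-keygen` calls in the Makefile.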
@@ -27,7 +27,11 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ # podman (without systemd support) FROM podmanbuildbase AS podman RUN apk add --update --no-cache tzdata curl -ARG PODMAN_VERSION=v4.8.1 + +#ARG PODMAN_VERSION=$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4) +#ARG PODMAN_VERSION=v5.0.0 +RUN export PODMAN_VERSION=$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4) +# v4_8_1 was last version manually specified ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp' ARG PODMAN_CGO=1 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman @@ -47,7 +51,8 @@ RUN set -ex; \ # conmon (without systemd support) FROM podmanbuildbase AS conmon -ARG CONMON_VERSION=v2.1.8 +#ARG CONMON_VERSION=v2.1.10 +ARG CONMON_VERSION=$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4) RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${CONMON_VERSION} https://github.com/containers/conmon.git /conmon WORKDIR /conmon RUN set -ex; \ @@ -55,7 +60,8 @@ RUN set -ex; \ bin/conmon --help >/dev/null -# CNI plugins +# CNI network backend and Cgroups V1 are deprecated +# CNI plugins (removed in podman 5.0 and replaced by netavark) FROM podmanbuildbase AS cniplugins ARG CNI_PLUGIN_VERSION=v1.4.0 ARG CNI_PLUGINS="ipam/host-local main/loopback main/bridge meta/portmap meta/tuning meta/firewall" 
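Review bot: `RUN export PODMAN_VERSION=$(curl …)` sets the variable only in the shell of that one RUN instruction, so `${PODMAN_VERSION}` in the `git clone --branch` line that follows expands to nothing and the clone no longer targets a release tag. The conmon hunk has a related problem: `ARG CONMON_VERSION=$(curl …)` is not run through a shell, so the default is the literal text, and the `RUN export CONMON_VERSION=…` in PATCH 30 repeats the first defect. Resolving the tag from `releases/latest` at build time also makes the signed binaries unreproducible and dependent on an unauthenticated API response. Keep the pinned default, `ARG PODMAN_VERSION=v4.8.1`, and pass a newer tag with `--build-arg PODMAN_VERSION=<tag>` when updating.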
@@ -69,6 +75,16 @@ RUN set -ex; \ done +# netavark +FROM podmanbuildbase AS netavark +ARG NETAVARK_VERSION=v1.9.0 +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION} https://github.com/containers/netavark /netavark +WORKDIR /netavark +RUN set -ex; \ + make; \ + ./netavark --version + + # slirp4netns FROM podmanbuildbase AS slirp4netns WORKDIR / From 6a580ed3b104d868766107dc4c4c589850bacf29 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 11:04:19 -0600 Subject: [PATCH 30/92] Simple export. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 460f2b6..73cc4a8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -52,7 +52,7 @@ RUN set -ex; \ # conmon (without systemd support) FROM podmanbuildbase AS conmon #ARG CONMON_VERSION=v2.1.10 -ARG CONMON_VERSION=$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4) +RUN export CONMON_VERSION=$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4) RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${CONMON_VERSION} https://github.com/containers/conmon.git /conmon WORKDIR /conmon RUN set -ex; \ From d9f8b4b7635ad055a77326c35e61253864c38cde Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 11:06:19 -0600 Subject: [PATCH 31/92] inline --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 73cc4a8..b7466a1 100644 --- a/Dockerfile +++ b/Dockerfile 
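Review bot: The new `netavark` stage runs `make` on top of `podmanbuildbase`, and the part of that stage's package list visible in this diff shows a C and Go toolchain only; netavark is a Rust project, so the stage presumably needs `rust` and `cargo` installed before `make` can succeed. As far as I know its Makefile writes the binary to `bin/netavark`, so the smoke test would be `./bin/netavark --version` rather than `./netavark --version`. None of this commit's hunks adds a `COPY --from=netavark`, so the stage is also not yet used by any image.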
@@ -52,8 +52,9 @@ RUN set -ex; \ # conmon (without systemd support) FROM podmanbuildbase AS conmon #ARG CONMON_VERSION=v2.1.10 -RUN export CONMON_VERSION=$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4) -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${CONMON_VERSION} https://github.com/containers/conmon.git /conmon +#RUN export CONMON_VERSION=$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4) +#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${CONMON_VERSION} https://github.com/containers/conmon.git /conmon +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4} https://github.com/containers/conmon.git /conmon WORKDIR /conmon RUN set -ex; \ make git-vars bin/conmon PKG_CONFIG='pkg-config --static' CFLAGS='-std=c99 -Os -Wall -Wextra -Werror -static' LDFLAGS='-s -w -static'; \ From 808ee5db9af92bca76c44eb0316cd7fd0ff62bab Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 11:07:20 -0600 Subject: [PATCH 32/92] Parens --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b7466a1..b7a063a 100644 --- a/Dockerfile +++ b/Dockerfile 
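Review bot: `--branch ${curl -s … | cut -d '"' -f 4}` uses parameter-expansion braces, not command substitution, so the shell rejects it as a bad substitution and the conmon clone fails before any request is made. Command substitution is written `$(…)`. Better still, restore `ARG CONMON_VERSION=v2.1.10` (the value in the commented line above) and clone with `--branch ${CONMON_VERSION}`, so the build does not depend on what the releases API returns on a given day.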
@@ -54,7 +54,7 @@ FROM podmanbuildbase AS conmon #ARG CONMON_VERSION=v2.1.10 #RUN export CONMON_VERSION=$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4) #RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${CONMON_VERSION} https://github.com/containers/conmon.git /conmon -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4} https://github.com/containers/conmon.git /conmon +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch $(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4) https://github.com/containers/conmon.git /conmon WORKDIR /conmon RUN set -ex; \ make git-vars bin/conmon PKG_CONFIG='pkg-config --static' CFLAGS='-std=c99 -Os -Wall -Wextra -Werror -static' LDFLAGS='-s -w -static'; \ From b5be7efa2dcb5369e45f1af584c5bd7fb3d0f390 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 11:09:19 -0600 Subject: [PATCH 33/92] curl --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index b7a063a..2a2b376 100644 --- a/Dockerfile +++ b/Dockerfile @@ -51,6 +51,8 @@ RUN set -ex; \ # conmon (without systemd support) FROM podmanbuildbase AS conmon +RUN apk add --update --no-cache tzdata curl + #ARG CONMON_VERSION=v2.1.10 #RUN export CONMON_VERSION=$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4) #RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${CONMON_VERSION} https://github.com/containers/conmon.git /conmon From 07eaa8b4f7a2414d49d94a724b1348de64131817 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 11:11:25 -0600 Subject: [PATCH 34/92] Inline --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
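Review bot: The tag passed to `git clone --branch` now comes from `curl -s … | grep tag_name | cut …` with no failure handling. Without `-f`, an API error or rate-limit response still exits 0, the pipeline yields an empty string, and `--branch` then takes the repository URL as its argument. No `curl` install is visible in the conmon stage at this commit either. Building whatever `releases/latest` points to means the statically linked, GPG-signed output can change without any change to this repository; the same pattern is added for podman in PATCH 34 and for netavark and slirp4netns in PATCH 35. If a floating version is wanted, resolve it in the workflow with `curl -fsSL`, stop on an empty value (`[ -n "$TAG" ] || exit 1`), and pass it in as a build argument.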
diff --git a/Dockerfile b/Dockerfile index 2a2b376..b1170c3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,12 +29,13 @@ FROM podmanbuildbase AS podman RUN apk add --update --no-cache tzdata curl #ARG PODMAN_VERSION=$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4) +#RUN export PODMAN_VERSION=$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4) #ARG PODMAN_VERSION=v5.0.0 -RUN export PODMAN_VERSION=$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4) # v4_8_1 was last version manually specified ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp' ARG PODMAN_CGO=1 -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman +#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch $(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4) https://github.com/containers/podman src/github.com/containers/podman WORKDIR $GOPATH/src/github.com/containers/podman RUN set -ex; \ export CGO_ENABLED=$PODMAN_CGO; \ From 17c1bd6004e049b4cd19322be80af7939caffb62 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 11:27:04 -0600 Subject: [PATCH 35/92] Update dependencies --- Dockerfile | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index b1170c3..018a0d2 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -81,8 +81,9 @@ RUN set -ex; \ # netavark FROM podmanbuildbase AS netavark -ARG NETAVARK_VERSION=v1.9.0 -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION} https://github.com/containers/netavark /netavark +#ARG NETAVARK_VERSION=v1.9.0 +#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION} https://github.com/containers/netavark /netavark +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4) https://github.com/containers/netavark /netavark WORKDIR /netavark RUN set -ex; \ make; \ @@ -104,8 +105,9 @@ RUN set -ex; \ ninja -C build install # Build slirp4netns WORKDIR / -ARG SLIRP4NETNS_VERSION=v1.2.2 -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch $SLIRP4NETNS_VERSION https://github.com/rootless-containers/slirp4netns.git +#ARG SLIRP4NETNS_VERSION=v1.2.2 +#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${SLIRP4NETNS_VERSION} https://github.com/rootless-containers/slirp4netns.git +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch $(curl -s https://api.github.com/repos/rootless-containers/slirp4netns/releases/latest | grep tag_name | cut -d '"' -f 4) https://github.com/rootless-containers/slirp4netns.git WORKDIR /slirp4netns RUN set -ex; \ ./autogen.sh; \ @@ -159,6 +161,7 @@ COPY --from=conmon /conmon/bin/conmon /usr/local/lib/podman/conmon COPY --from=podman /usr/local/lib/podman/rootlessport /usr/local/lib/podman/rootlessport COPY --from=podman /usr/local/bin/podman /usr/local/bin/podman COPY conf/containers /etc/containers +# Rootlesskit is not necessary for rootless podman RUN set -ex; \ adduser -D podman -h /podman -u 1000; \ echo 'podman:1:999' > /etc/subuid; \ 
@@ -205,5 +208,6 @@ FROM rootlesspodmanrunc AS podmanall RUN apk add --no-cache iptables ip6tables COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns COPY --from=cniplugins /usr/local/lib/cni /usr/local/lib/cni +COPY --from=netavark /netavark/netavark /usr/local/bin/netavark COPY --from=catatonit /catatonit/catatonit /usr/local/lib/podman/catatonit COPY conf/cni /etc/cni From c8454946ddfffba74454d71d0a303318db9bd75c Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 11:27:23 -0600 Subject: [PATCH 36/92] alpine from 3.18 LTS to 3.19 LTS (bug fixes) --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 018a0d2..8aa972c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ # Download gpg -FROM alpine:3.18 AS gpg +FROM alpine:3.19 AS gpg RUN apk add --no-cache gnupg # runc -FROM golang:1.20-alpine3.18 AS runc +FROM golang:1.20-alpine3.19 AS runc ARG RUNC_VERSION=v1.1.10 # Download runc binary release since static build doesn't work with musl libc anymore since 1.1.8, see https://github.com/opencontainers/runc/issues/3950 RUN set -eux; \ @@ -16,7 +16,7 @@ RUN set -eux; \ # podman build base -FROM golang:1.20-alpine3.18 AS podmanbuildbase +FROM golang:1.20-alpine3.19 AS podmanbuildbase RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \ glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \ @@ -154,7 +154,7 @@ RUN set -ex; \ # Build podman base image -FROM alpine:3.18 AS podmanbase +FROM alpine:3.19 AS podmanbase LABEL maintainer="" RUN apk add --no-cache tzdata ca-certificates COPY --from=conmon /conmon/bin/conmon /usr/local/lib/podman/conmon From 6a3b9103dd9a0a234c204252af073bb59cefbe5c Mon Sep 17 00:00:00 2001 
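Review bot: `COPY --from=netavark /netavark/netavark /usr/local/bin/netavark` places the binary on PATH, while the other helpers in this Dockerfile (conmon, rootlessport, catatonit) are copied to `/usr/local/lib/podman/`. As far as I know podman locates netavark through `helper_binaries_dir` rather than PATH, so confirm that `/usr/local/bin` is listed there in `conf/containers`, or copy the binary to `/usr/local/lib/podman/netavark`. The source path also assumes the build leaves the binary in the repository root. I believe netavark's Makefile writes to `bin/`, so check that `/netavark/netavark` exists after `make`.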
From: Trent Apple Date: Sat, 13 Jan 2024 13:45:47 -0600 Subject: [PATCH 37/92] Dynamically set branch names if versions are not pre-defined --- Dockerfile | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8aa972c..454d5bd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,14 +28,10 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ FROM podmanbuildbase AS podman RUN apk add --update --no-cache tzdata curl -#ARG PODMAN_VERSION=$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4) -#RUN export PODMAN_VERSION=$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4) #ARG PODMAN_VERSION=v5.0.0 -# v4_8_1 was last version manually specified ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp' ARG PODMAN_CGO=1 -#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch $(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4) https://github.com/containers/podman src/github.com/containers/podman +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION:-$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/podman src/github.com/containers/podman WORKDIR $GOPATH/src/github.com/containers/podman RUN set -ex; \ export CGO_ENABLED=$PODMAN_CGO; \ 
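Review bot: The `${PODMAN_VERSION:-$(curl …)}` default in the new `git clone` line can never be overridden, because the only `ARG PODMAN_VERSION` in the stage is commented out and a `--build-arg` value reaches RUN only after an `ARG` declaration in that stage. As written, every build falls through to the `releases/latest` lookup. Declare the argument without a default, `ARG PODMAN_VERSION`, directly above the RUN. The conmon, netavark and slirp4netns hunks of this commit need the same line for `CONMON_VERSION`, `NETAVARK_VERSION` and `SLIRP4NETNS_VERSION`.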
@@ -55,9 +51,7 @@ FROM podmanbuildbase AS conmon RUN apk add --update --no-cache tzdata curl #ARG CONMON_VERSION=v2.1.10 -#RUN export CONMON_VERSION=$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4) -#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${CONMON_VERSION} https://github.com/containers/conmon.git /conmon -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch $(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4) https://github.com/containers/conmon.git /conmon +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${CONMON_VERSION:-$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/conmon.git /conmon WORKDIR /conmon RUN set -ex; \ make git-vars bin/conmon PKG_CONFIG='pkg-config --static' CFLAGS='-std=c99 -Os -Wall -Wextra -Werror -static' LDFLAGS='-s -w -static'; \ @@ -82,8 +76,7 @@ RUN set -ex; \ # netavark FROM podmanbuildbase AS netavark #ARG NETAVARK_VERSION=v1.9.0 -#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION} https://github.com/containers/netavark /netavark -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4) https://github.com/containers/netavark /netavark +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark WORKDIR /netavark RUN set -ex; \ make; \ 
@@ -107,7 +100,7 @@ RUN set -ex; \ WORKDIR / #ARG SLIRP4NETNS_VERSION=v1.2.2 #RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${SLIRP4NETNS_VERSION} https://github.com/rootless-containers/slirp4netns.git -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch $(curl -s https://api.github.com/repos/rootless-containers/slirp4netns/releases/latest | grep tag_name | cut -d '"' -f 4) https://github.com/rootless-containers/slirp4netns.git +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${SLIRP4NETNS_VERSION:-$(curl -s https://api.github.com/repos/rootless-containers/slirp4netns/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/rootless-containers/slirp4netns.git WORKDIR /slirp4netns RUN set -ex; \ ./autogen.sh; \ From c38b69a8aba4f941926c2f2709366633b9b7d620 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 13:46:02 -0600 Subject: [PATCH 38/92] nftables --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 454d5bd..b5064e6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -198,7 +198,7 @@ COPY conf/crun-containers.conf /etc/containers/containers.conf # Build podman image with rootless binaries and CNI plugins FROM rootlesspodmanrunc AS podmanall -RUN apk add --no-cache iptables ip6tables +RUN apk add --no-cache iptables ip6tables nftables COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns COPY --from=cniplugins /usr/local/lib/cni /usr/local/lib/cni COPY --from=netavark /netavark/netavark /usr/local/bin/netavark From 374bd0e0643bf3ac9e4bcbf6ac06d1b999ac7eca Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 13:52:39 -0600 Subject: [PATCH 39/92] netavark --- Dockerfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index b5064e6..2c6908b 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -75,6 +75,7 @@ RUN set -ex; \ # netavark FROM podmanbuildbase AS netavark +RUN apk add --update --no-cache tzdata curl #ARG NETAVARK_VERSION=v1.9.0 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark WORKDIR /netavark @@ -98,9 +99,9 @@ RUN set -ex; \ ninja -C build install # Build slirp4netns WORKDIR / -#ARG SLIRP4NETNS_VERSION=v1.2.2 -#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${SLIRP4NETNS_VERSION} https://github.com/rootless-containers/slirp4netns.git -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${SLIRP4NETNS_VERSION:-$(curl -s https://api.github.com/repos/rootless-containers/slirp4netns/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/rootless-containers/slirp4netns.git +ARG SLIRP4NETNS_VERSION=v1.2.2 +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${SLIRP4NETNS_VERSION} https://github.com/rootless-containers/slirp4netns.git +#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${SLIRP4NETNS_VERSION:-$(curl -s https://api.github.com/repos/rootless-containers/slirp4netns/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/rootless-containers/slirp4netns.git WORKDIR /slirp4netns RUN set -ex; \ ./autogen.sh; \ From 0cd29f8de7408e96961f705a3b50b35b96891521 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 13:54:53 -0600 Subject: [PATCH 40/92] Add Rust and Cargo to Dockerfile --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 2c6908b..02d88d3 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -76,6 +76,8 @@ RUN set -ex; \ # netavark FROM podmanbuildbase AS netavark RUN apk add --update --no-cache tzdata curl +# Rust +RUN apk add --update --no-cache rust cargo #ARG NETAVARK_VERSION=v1.9.0 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark WORKDIR /netavark From 559f2c578b29998bb964826737971c7ec54593cf Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 14:01:39 -0600 Subject: [PATCH 41/92] Add CGO_CFLAGS environment variable to Dockerfile --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 02d88d3..71b3a7e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -33,6 +33,7 @@ ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper ARG PODMAN_CGO=1 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION:-$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/podman src/github.com/containers/podman WORKDIR $GOPATH/src/github.com/containers/podman +ENV CGO_CFLAGS="-D_LARGEFILE64_SOURCE" RUN set -ex; \ export CGO_ENABLED=$PODMAN_CGO; \ make bin/podman LDFLAGS_PODMAN="-s -w -extldflags '-static'" BUILDTAGS='${PODMAN_BUILDTAGS}'; \ From 113295a95aed2223bf4fc9877c4396e8952968f2 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 14:17:25 -0600 Subject: [PATCH 42/92] Update Dockerfile (#3) Path to netavark --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 71b3a7e..c7e4831 100644 --- a/Dockerfile +++ b/Dockerfile @@ -84,7 +84,7 @@ RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSI WORKDIR /netavark RUN set -ex; \ make; \ - ./netavark --version + ./bin/netavark --version # slirp4netns 
From bc12587640b59269ddee521d0b5ba0e5305d49ea Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 14:27:12 -0600 Subject: [PATCH 43/92] Update Dockerfile Path for bin/netavark after being built --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c7e4831..0157d27 100644 --- a/Dockerfile +++ b/Dockerfile @@ -205,6 +205,6 @@ FROM rootlesspodmanrunc AS podmanall RUN apk add --no-cache iptables ip6tables nftables COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns COPY --from=cniplugins /usr/local/lib/cni /usr/local/lib/cni -COPY --from=netavark /netavark/netavark /usr/local/bin/netavark +COPY --from=netavark /netavark/bin/netavark /usr/local/bin/netavark COPY --from=catatonit /catatonit/catatonit /usr/local/lib/podman/catatonit COPY conf/cni /etc/cni From 73581edd700d778ed9c42c170f2f3e21adc9a30f Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 17:04:10 -0600 Subject: [PATCH 44/92] Latest Podman version --- Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 71b3a7e..a97748a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,9 +24,11 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ bash go-md2man +ARG PODMAN_VERSION=$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4) + # podman (without systemd support) FROM podmanbuildbase AS podman -RUN apk add --update --no-cache tzdata curl +#RUN apk add --update --no-cache tzdata curl #ARG PODMAN_VERSION=v5.0.0 ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp' From 5b1a2a352ce8da3b30f77a8771a48e6691e4b527 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 17:06:45 -0600 Subject: [PATCH 45/92] 4.8.3 --- Dockerfile | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) 
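Review bot: `ARG PODMAN_VERSION=$(curl …)` in PATCH 44 is not evaluated: ARG defaults are taken literally. Because the line sits before `FROM podmanbuildbase AS podman`, it also belongs to the previous stage and is out of scope in the podman stage. The same hunk comments out `apk add … tzdata curl`, while the `git clone` in that stage (outside this hunk, last changed in PATCH 37) still falls back to a `curl` call, which will fail unless the base image provides curl. Use a literal pinned default inside the stage, `ARG PODMAN_VERSION=<release tag>`, and keep `curl` installed for as long as the fallback remains.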
diff --git a/Dockerfile b/Dockerfile index 89a69e4..75bcfb3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,13 +24,11 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ bash go-md2man -ARG PODMAN_VERSION=$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4) - # podman (without systemd support) FROM podmanbuildbase AS podman -#RUN apk add --update --no-cache tzdata curl +RUN apk add --update --no-cache tzdata curl -#ARG PODMAN_VERSION=v5.0.0 +ARG PODMAN_VERSION=v4.8.3 ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp' ARG PODMAN_CGO=1 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION:-$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/podman src/github.com/containers/podman @@ -204,7 +202,7 @@ COPY conf/crun-containers.conf /etc/containers/containers.conf # Build podman image with rootless binaries and CNI plugins FROM rootlesspodmanrunc AS podmanall -RUN apk add --no-cache iptables ip6tables nftables +RUN apk add --no-cache iptables ip6tables COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns COPY --from=cniplugins /usr/local/lib/cni /usr/local/lib/cni COPY --from=netavark /netavark/bin/netavark /usr/local/bin/netavark From 6f10a887830609eb090025e765cc371906f0c05a Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 17:10:27 -0600 Subject: [PATCH 46/92] Change to not fallback on latest versions (version pinning). Also, disable cflag. --- Dockerfile | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 75bcfb3..d06531e 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -33,7 +33,7 @@ ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper ARG PODMAN_CGO=1 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION:-$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/podman src/github.com/containers/podman WORKDIR $GOPATH/src/github.com/containers/podman -ENV CGO_CFLAGS="-D_LARGEFILE64_SOURCE" +#ENV CGO_CFLAGS="-D_LARGEFILE64_SOURCE" RUN set -ex; \ export CGO_ENABLED=$PODMAN_CGO; \ make bin/podman LDFLAGS_PODMAN="-s -w -extldflags '-static'" BUILDTAGS='${PODMAN_BUILDTAGS}'; \ @@ -51,7 +51,7 @@ RUN set -ex; \ FROM podmanbuildbase AS conmon RUN apk add --update --no-cache tzdata curl -#ARG CONMON_VERSION=v2.1.10 +ARG CONMON_VERSION=v2.1.10 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${CONMON_VERSION:-$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/conmon.git /conmon WORKDIR /conmon RUN set -ex; \ @@ -76,10 +76,8 @@ RUN set -ex; \ # netavark FROM podmanbuildbase AS netavark -RUN apk add --update --no-cache tzdata curl -# Rust -RUN apk add --update --no-cache rust cargo -#ARG NETAVARK_VERSION=v1.9.0 +RUN apk add --update --no-cache tzdata curl rust cargo +ARG NETAVARK_VERSION=v1.9.0 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark WORKDIR /netavark RUN set -ex; \ From 1524b7cb2ce63cefb443f589744a8ab4e57599e9 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 17:12:22 -0600 Subject: [PATCH 47/92] Git clone updates --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d06531e..b75073c 100644 --- a/Dockerfile +++ b/Dockerfile 
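Review bot: The clone lines still carry the `${PODMAN_VERSION:-$(curl -s …/releases/latest …)}` fallback, so an empty `--build-arg` silently builds whatever upstream marks as latest. That contradicts the commit message, since this change only restores the `ARG` defaults and leaves the fallback in place. It applies to the podman clone in the first hunk and to the conmon and netavark clones in the second and third. To make the pin binding, fail on an empty value instead: `--branch=${CONMON_VERSION:?CONMON_VERSION must be set}` (likewise for the other two).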
@@ -125,7 +125,7 @@ RUN set -ex; \ ninja install; \ fusermount3 -V ARG FUSEOVERLAYFS_VERSION=v1.13 -RUN git clone -c advice.detachedHead=false --depth=1 --branch=$FUSEOVERLAYFS_VERSION https://github.com/containers/fuse-overlayfs /fuse-overlayfs +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=$FUSEOVERLAYFS_VERSION https://github.com/containers/fuse-overlayfs /fuse-overlayfs WORKDIR /fuse-overlayfs RUN set -ex; \ sh autogen.sh; \ @@ -139,7 +139,7 @@ RUN set -ex; \ FROM podmanbuildbase AS catatonit RUN apk add --update --no-cache autoconf automake libtool ARG CATATONIT_VERSION=v0.2.0 -RUN git clone --branch=$CATATONIT_VERSION https://github.com/openSUSE/catatonit.git /catatonit +RUN git clone -c 'advice.detachedHead=false' --branch=$CATATONIT_VERSION https://github.com/openSUSE/catatonit.git /catatonit WORKDIR /catatonit RUN set -ex; \ ./autogen.sh; \ From cfe36b06e102bdc9c22fea74a53a79fa7aa47dd7 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 17:15:27 -0600 Subject: [PATCH 48/92] Without version command --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index b75073c..ad11f16 100644 --- a/Dockerfile +++ b/Dockerfile @@ -81,8 +81,8 @@ ARG NETAVARK_VERSION=v1.9.0 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark WORKDIR /netavark RUN set -ex; \ - make; \ - ./bin/netavark --version + make; +# bin/netavark --version > /dev/null # slirp4netns From c758879bc9826b38555e6cbf728e20669cdbad24 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 17:25:07 -0600 Subject: [PATCH 49/92] Version check to /dev/null --- Dockerfile | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index ad11f16..2baa0a1 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -22,13 +22,15 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \ libseccomp-dev libseccomp-static libselinux-dev ostree-dev openssl iptables \ bash go-md2man +# Hotfix for musl build failure https://github.com/mattn/go-sqlite3/issues/1164 +RUN go get github.com/mattn/go-sqlite3 # podman (without systemd support) FROM podmanbuildbase AS podman RUN apk add --update --no-cache tzdata curl -ARG PODMAN_VERSION=v4.8.3 +#ARG PODMAN_VERSION=v4.8.3 ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp' ARG PODMAN_CGO=1 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION:-$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/podman src/github.com/containers/podman @@ -51,7 +53,7 @@ RUN set -ex; \ FROM podmanbuildbase AS conmon RUN apk add --update --no-cache tzdata curl -ARG CONMON_VERSION=v2.1.10 +#ARG CONMON_VERSION=v2.1.10 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${CONMON_VERSION:-$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/conmon.git /conmon WORKDIR /conmon RUN set -ex; \ @@ -77,12 +79,13 @@ RUN set -ex; \ # netavark FROM podmanbuildbase AS netavark RUN apk add --update --no-cache tzdata curl rust cargo -ARG NETAVARK_VERSION=v1.9.0 +#ARG NETAVARK_VERSION=v1.9.0 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark WORKDIR /netavark RUN set -ex; \ - make; -# bin/netavark --version > /dev/null + LDFLAGS=-static; \ + make; \ + bin/netavark --version > /dev/null # slirp4netns 
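Review bot: Commenting out `ARG PODMAN_VERSION=v4.8.3` (and `CONMON_VERSION` / `NETAVARK_VERSION` in the next two hunks) re-activates the `releases/latest` fallback in the clone lines, one commit after the series set out to pin versions. The built source then depends on an unauthenticated `curl -s` response parsed with `grep`/`cut`, so two builds of the same commit can produce different binaries. An API error or rate limit yields an empty `--branch=`. Keep the three `ARG` lines active. The added `RUN go get github.com/mattn/go-sqlite3` is also unversioned and has the same reproducibility problem.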
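Review bot: In the netavark hunk, `LDFLAGS=-static; \` followed by `make;` sets a shell variable that is never exported, so `make` does not see it and the build is unchanged. Use `make LDFLAGS=-static` or `export LDFLAGS=-static;` if the flag is meant to apply; whether netavark's Makefile honours `LDFLAGS` at all is not visible here. The other stages follow their smoke test with an `ldd` check for a static binary (visible for `podman-remote` elsewhere in the series), and the same check would show whether this one is actually static.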
From e777278ef85840169949f923c06082cc285fc2f4 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 17:29:14 -0600 Subject: [PATCH 50/92] cflags in the run --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2baa0a1..5c74812 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ RUN apk add --no-cache gnupg # runc -FROM golang:1.20-alpine3.19 AS runc +FROM golang:1.21-alpine3.19 AS runc ARG RUNC_VERSION=v1.1.10 # Download runc binary release since static build doesn't work with musl libc anymore since 1.1.8, see https://github.com/opencontainers/runc/issues/3950 RUN set -eux; \ @@ -16,14 +16,14 @@ RUN set -eux; \ # podman build base -FROM golang:1.20-alpine3.19 AS podmanbuildbase +FROM golang:1.21-alpine3.19 AS podmanbuildbase RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \ glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \ libseccomp-dev libseccomp-static libselinux-dev ostree-dev openssl iptables \ bash go-md2man # Hotfix for musl build failure https://github.com/mattn/go-sqlite3/issues/1164 -RUN go get github.com/mattn/go-sqlite3 +#RUN go get github.com/mattn/go-sqlite3 # podman (without systemd support) 
@@ -35,9 +35,9 @@ ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper ARG PODMAN_CGO=1 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION:-$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/podman src/github.com/containers/podman WORKDIR $GOPATH/src/github.com/containers/podman -#ENV CGO_CFLAGS="-D_LARGEFILE64_SOURCE" RUN set -ex; \ export CGO_ENABLED=$PODMAN_CGO; \ + export CGO_CFLAGS="-D_LARGEFILE64_SOURCE"; \ make bin/podman LDFLAGS_PODMAN="-s -w -extldflags '-static'" BUILDTAGS='${PODMAN_BUILDTAGS}'; \ mv bin/podman /usr/local/bin/podman; \ podman --help >/dev/null; \ From dbcf8e1cfd2c43458f363f8adc8d2f661ad9a0b1 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 17:35:36 -0600 Subject: [PATCH 51/92] packages --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5c74812..4d68ea4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -78,12 +78,13 @@ RUN set -ex; \ # netavark FROM podmanbuildbase AS netavark -RUN apk add --update --no-cache tzdata curl rust cargo +#RUN apk add --update --no-cache tzdata curl rust cargo +RUN apk add --update --no-cache tzdata curl +RUN apk add --update --no-cache rust cargo #ARG NETAVARK_VERSION=v1.9.0 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark WORKDIR /netavark RUN set -ex; \ - LDFLAGS=-static; \ make; \ bin/netavark --version > /dev/null From c5a705a52f92952bd52149e2df010614f2e2c6ca Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 17:39:15 -0600 Subject: [PATCH 52/92] Commented out netavark build step --- Dockerfile | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) 
diff --git a/Dockerfile b/Dockerfile index 4d68ea4..a21fbc8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -77,16 +77,16 @@ RUN set -ex; \ # netavark -FROM podmanbuildbase AS netavark -#RUN apk add --update --no-cache tzdata curl rust cargo -RUN apk add --update --no-cache tzdata curl -RUN apk add --update --no-cache rust cargo -#ARG NETAVARK_VERSION=v1.9.0 -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark -WORKDIR /netavark -RUN set -ex; \ - make; \ - bin/netavark --version > /dev/null +#FROM podmanbuildbase AS netavark +##RUN apk add --update --no-cache tzdata curl rust cargo +#RUN apk add --update --no-cache tzdata curl +#RUN apk add --update --no-cache rust cargo +##ARG NETAVARK_VERSION=v1.9.0 +#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark +#WORKDIR /netavark +#RUN set -ex; \ +# make; \ +# bin/netavark --version > /dev/null # slirp4netns @@ -207,6 +207,6 @@ FROM rootlesspodmanrunc AS podmanall RUN apk add --no-cache iptables ip6tables COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns COPY --from=cniplugins /usr/local/lib/cni /usr/local/lib/cni -COPY --from=netavark /netavark/bin/netavark /usr/local/bin/netavark +#COPY --from=netavark /netavark/bin/netavark /usr/local/bin/netavark COPY --from=catatonit /catatonit/catatonit /usr/local/lib/podman/catatonit COPY conf/cni /etc/cni From 57f1ccca77e6f04352cdbbf68fff953f548d6551 Mon Sep 17 00:00:00 2001 
From: Trent Apple Date: Sat, 13 Jan 2024 18:11:10 -0600 Subject: [PATCH 53/92] Update Dockerfile with specific versions of Podman and Conmon --- Dockerfile | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index a21fbc8..1a47e44 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,13 +30,15 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ FROM podmanbuildbase AS podman RUN apk add --update --no-cache tzdata curl -#ARG PODMAN_VERSION=v4.8.3 +ARG PODMAN_VERSION=v4.8.3 ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp' ARG PODMAN_CGO=1 -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION:-$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/podman src/github.com/containers/podman +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman +#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION:-$(curl -s https://api.github.com/repos/containers/podman/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/podman src/github.com/containers/podman WORKDIR $GOPATH/src/github.com/containers/podman RUN set -ex; \ export CGO_ENABLED=$PODMAN_CGO; \ + # Workaround for build failure https://github.com/mattn/go-sqlite3/issues/1164 (fixed in future go-sqlite3 release) export CGO_CFLAGS="-D_LARGEFILE64_SOURCE"; \ make bin/podman LDFLAGS_PODMAN="-s -w -extldflags '-static'" BUILDTAGS='${PODMAN_BUILDTAGS}'; \ mv bin/podman /usr/local/bin/podman; \ 
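Review bot: `--branch=${PODMAN_VERSION}` pins a tag name rather than content, and nothing after the clone checks which commit was actually fetched, so a re-pointed upstream tag would be built without notice. Consider adding `ARG PODMAN_COMMIT=<expected-commit-sha>` and, right after the clone, `[ "$(git -C src/github.com/containers/podman rev-parse HEAD)" = "$PODMAN_COMMIT" ]`. The same applies to the conmon and netavark clones in the following hunks. The commented-out copy of the old clone line with the `curl` fallback can be deleted rather than kept, as it is easy to re-enable by accident. The `RUN set -ex` body continues outside this hunk.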
@@ -51,10 +53,11 @@ RUN set -ex; \ # conmon (without systemd support) FROM podmanbuildbase AS conmon -RUN apk add --update --no-cache tzdata curl +#RUN apk add --update --no-cache tzdata curl -#ARG CONMON_VERSION=v2.1.10 -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${CONMON_VERSION:-$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/conmon.git /conmon +ARG CONMON_VERSION=v2.1.10 +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${CONMON_VERSION} https://github.com/containers/conmon.git /conmon +#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${CONMON_VERSION:-$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/conmon.git /conmon WORKDIR /conmon RUN set -ex; \ make git-vars bin/conmon PKG_CONFIG='pkg-config --static' CFLAGS='-std=c99 -Os -Wall -Wextra -Werror -static' LDFLAGS='-s -w -static'; \ @@ -77,16 +80,15 @@ RUN set -ex; \ # netavark -#FROM podmanbuildbase AS netavark -##RUN apk add --update --no-cache tzdata curl rust cargo -#RUN apk add --update --no-cache tzdata curl -#RUN apk add --update --no-cache rust cargo -##ARG NETAVARK_VERSION=v1.9.0 +FROM podmanbuildbase AS netavark +#RUN apk add --update --no-cache tzdata curl rust cargo +RUN apk add --update --no-cache rust cargo +ARG NETAVARK_VERSION=v1.9.0 +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION} https://github.com/containers/netavark /netavark #RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark -#WORKDIR /netavark -#RUN set -ex; \ -# make; \ -# bin/netavark --version > /dev/null +WORKDIR /netavark +RUN set -ex; \ + make # slirp4netns 
@@ -207,6 +209,6 @@ FROM rootlesspodmanrunc AS podmanall RUN apk add --no-cache iptables ip6tables COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns COPY --from=cniplugins /usr/local/lib/cni /usr/local/lib/cni -#COPY --from=netavark /netavark/bin/netavark /usr/local/bin/netavark +COPY --from=netavark /netavark/bin/netavark /usr/local/bin/netavark COPY --from=catatonit /catatonit/catatonit /usr/local/lib/podman/catatonit COPY conf/cni /etc/cni From 82ee3183e768965c387b48727a0408a5377b8dec Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 18:20:54 -0600 Subject: [PATCH 54/92] Update Dockerfile to build Netavark with release flag --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1a47e44..b256f08 100644 --- a/Dockerfile +++ b/Dockerfile @@ -88,7 +88,8 @@ RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSI #RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark WORKDIR /netavark RUN set -ex; \ - make + make build_netavark --release +# make # slirp4netns From b18ba36231222a0469ada1993d13d86b1119c618 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 18:40:51 -0600 Subject: [PATCH 55/92] Update Dockerfile Without release flag, etc. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b256f08..7f93853 100644 --- a/Dockerfile +++ b/Dockerfile 
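Review bot: `make build_netavark --release` hands `--release` to make itself, but that is a cargo flag and not a make option. GNU make exits on the unrecognized option and, under `set -ex`, the stage fails. If a release profile is wanted, it has to reach cargo through whatever variable netavark's Makefile exposes (not visible here); otherwise use plain `make build_netavark`. The trailing `# make` comment line can be dropped.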
@@ -88,7 +88,7 @@ RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSI #RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark WORKDIR /netavark RUN set -ex; \ - make build_netavark --release + make build_netavark # make From b657acd4bb2592fade6e7d25b0be41d3456314f7 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 19:09:28 -0600 Subject: [PATCH 56/92] Delete Dockerfile-ssh (#4) Remove dockerfile for ssh experiment --- Dockerfile-ssh | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 Dockerfile-ssh diff --git a/Dockerfile-ssh b/Dockerfile-ssh deleted file mode 100644 index d7a74fc..0000000 --- a/Dockerfile-ssh +++ /dev/null @@ -1,5 +0,0 @@ -ARG BASEIMAGE -FROM ${BASEIMAGE} -RUN apk add --update --no-cache openssh -COPY sshd_config /podman/.ssh/ -RUN chown -R podman:podman /podman/.ssh From eedf97681e3f5044ca5da094559848f288cc8594 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 21:52:02 -0600 Subject: [PATCH 57/92] Update Dockerfile Disable netavark --- Dockerfile | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7f93853..f00a476 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -80,16 +80,16 @@ RUN set -ex; \ # netavark -FROM podmanbuildbase AS netavark -#RUN apk add --update --no-cache tzdata curl rust cargo -RUN apk add --update --no-cache rust cargo -ARG NETAVARK_VERSION=v1.9.0 -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION} https://github.com/containers/netavark /netavark -#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark -WORKDIR /netavark -RUN set -ex; \ - make build_netavark -# make +#FROM podmanbuildbase AS netavark +##RUN apk add --update --no-cache tzdata curl rust cargo +#RUN apk add --update --no-cache rust cargo +#ARG NETAVARK_VERSION=v1.9.0 +#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION} https://github.com/containers/netavark /netavark +##RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark +#WORKDIR /netavark +#RUN set -ex; \ +# make build_netavark +## make # slirp4netns From 5179278f0916381dda659d191b28864b3f6606ca Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 13 Jan 2024 22:22:08 -0600 Subject: [PATCH 58/92] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f00a476..f2ceb26 100644 --- a/Dockerfile +++ b/Dockerfile 
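Review bot: With the `netavark` stage commented out, a remaining `COPY --from=netavark …` no longer resolves to a build stage, and the builder then treats the name as an image reference and tries to pull an image called `netavark` from the default registry. The `COPY` line is outside this hunk, but judging by the neighbouring commits it was re-enabled earlier and is only commented out in the next commit, so at this revision the build either fails or copies a binary from an unrelated image. Disable the stage and `#COPY --from=netavark /netavark/bin/netavark /usr/local/bin/netavark` in the same commit. Deleting the block is preferable to leaving ten commented lines.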
@@ -210,6 +210,6 @@ FROM rootlesspodmanrunc AS podmanall RUN apk add --no-cache iptables ip6tables COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns COPY --from=cniplugins /usr/local/lib/cni /usr/local/lib/cni -COPY --from=netavark /netavark/bin/netavark /usr/local/bin/netavark +#COPY --from=netavark /netavark/bin/netavark /usr/local/bin/netavark COPY --from=catatonit /catatonit/catatonit /usr/local/lib/podman/catatonit COPY conf/cni /etc/cni From d43f39e4efbd514fcf517db64735bc389ce95ceb Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Fri, 19 Jan 2024 22:12:13 -0600 Subject: [PATCH 59/92] Update Dockerfile-remote (4.8.3) --- Dockerfile-remote | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile-remote b/Dockerfile-remote index 6157bab..e00122d 100644 --- a/Dockerfile-remote +++ b/Dockerfile-remote @@ -1,5 +1,5 @@ # podman build base -FROM golang:1.20-alpine3.18 AS podmanbuildbase +FROM golang:1.21-alpine3.19 AS podmanbuildbase RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \ glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \ @@ -9,7 +9,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ # podman remote FROM podmanbuildbase AS podman-remote RUN apk add --update --no-cache curl -ARG PODMAN_VERSION=v4.8.1 +ARG PODMAN_VERSION=v4.8.3 RUN git clone -c advice.detachedHead=false --depth=1 --branch=${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman WORKDIR $GOPATH/src/github.com/containers/podman RUN make install.tools @@ -21,6 +21,6 @@ RUN set -eux; \ podman --help >/dev/null; \ [ "$(ldd /usr/local/bin/podman-remote | wc -l)" -eq 0 ] || (ldd /usr/local/bin/podman-remote; false) -FROM alpine:3.18 +FROM alpine:3.19 COPY --from=podman-remote /usr/local/bin /usr/local/bin RUN adduser -D podman-remote -h /podman -u 1000 
From e2f86d48e0481a7b099cf4e82077e62e7fa7820d Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Wed, 14 Feb 2024 12:35:02 -0600 Subject: [PATCH 60/92] Update Dockerfile (#5) --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index f2ceb26..22ee409 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ RUN apk add --no-cache gnupg # runc FROM golang:1.21-alpine3.19 AS runc -ARG RUNC_VERSION=v1.1.10 +ARG RUNC_VERSION=v1.1.12 # Download runc binary release since static build doesn't work with musl libc anymore since 1.1.8, see https://github.com/opencontainers/runc/issues/3950 RUN set -eux; \ ARCH="`uname -m | sed 's!x86_64!amd64!; s!aarch64!arm64!'`"; \ @@ -30,7 +30,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ FROM podmanbuildbase AS podman RUN apk add --update --no-cache tzdata curl -ARG PODMAN_VERSION=v4.8.3 +ARG PODMAN_VERSION=v4.9.2 ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp' ARG PODMAN_CGO=1 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman @@ -191,7 +191,7 @@ COPY --from=runc /usr/local/bin/runc /usr/local/bin/runc # Download crun # (switched keyserver from sks to ubuntu since sks is offline now and gpg refuses to import keys from keys.openpgp.org because it does not provide a user ID with the key.) FROM gpg AS crun -ARG CRUN_VERSION=1.12 +ARG CRUN_VERSION=1.14 RUN set -ex; \ wget -O /usr/local/bin/crun https://github.com/containers/crun/releases/download/$CRUN_VERSION/crun-${CRUN_VERSION}-linux-amd64-disable-systemd; \ wget -O /tmp/crun.asc https://github.com/containers/crun/releases/download/$CRUN_VERSION/crun-${CRUN_VERSION}-linux-amd64-disable-systemd.asc; \ From b7e018a4f6a0d64772dec195ddf50890c97fbfa2 Mon Sep 17 00:00:00 2001 
From: Trent Apple Date: Wed, 14 Feb 2024 12:41:17 -0600 Subject: [PATCH 61/92] Update Makefile Modern types --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index d226b23..5e691f7 100644 --- a/Makefile +++ b/Makefile @@ -157,8 +157,8 @@ run-server: podman-ssh -w /build \ "${PODMAN_SSH_IMAGE}" \ sh -c 'set -x; \ - ssh-keygen -b 2048 -t rsa -N "" -f /podman/.ssh/ssh_host_rsa_key; \ - ssh-keygen -b 521 -t ecdsa -N "" -f /podman/.ssh/ssh_host_ecdsa_key; \ + ssh-keygen -b 4096 -t rsa -N "" -f /podman/.ssh/ssh_host_rsa_key; \ + ssh-keygen -t ed25519 -N "" -f /podman/.ssh/ssh_host_ecdsa_key; \ [ -f /build/storage/user/client_rsa ] || ssh-keygen -b 4096 -t rsa -N "" -f /build/storage/user/client_rsa; \ cat /build/storage/user/client_rsa.pub > /podman/.ssh/authorized_keys; \ /usr/sbin/sshd -eD -f ~/.ssh/sshd_config & \ From 6f804d4126b196ef08a0c0cfc7b75889a032c126 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Wed, 14 Feb 2024 12:42:54 -0600 Subject: [PATCH 62/92] Update Makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 5e691f7..18128c9 100644 --- a/Makefile +++ b/Makefile @@ -157,7 +157,7 @@ run-server: podman-ssh -w /build \ "${PODMAN_SSH_IMAGE}" \ sh -c 'set -x; \ - ssh-keygen -b 4096 -t rsa -N "" -f /podman/.ssh/ssh_host_rsa_key; \ + ssh-keygen -b 4096 -t rsa -a 48 -N "" -f /podman/.ssh/ssh_host_rsa_key; \ ssh-keygen -t ed25519 -N "" -f /podman/.ssh/ssh_host_ecdsa_key; \ [ -f /build/storage/user/client_rsa ] || ssh-keygen -b 4096 -t rsa -N "" -f /build/storage/user/client_rsa; \ cat /build/storage/user/client_rsa.pub > /podman/.ssh/authorized_keys; \ From 5b4b63907f3083c872fedc64953bd4b389e73718 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Wed, 14 Feb 2024 12:43:54 -0600 Subject: [PATCH 63/92] Update Dockerfile-remote --- Dockerfile-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
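Review bot: In the first Makefile hunk, `ssh-keygen -t ed25519 … -f /podman/.ssh/ssh_host_ecdsa_key` writes an Ed25519 key into a file named for ECDSA. sshd loads whatever key type the file contains, so the server silently stops offering an ECDSA host key while the config (not visible here) presumably still reads `ssh_host_ecdsa_key`. Write it to its own file, `-f /podman/.ssh/ssh_host_ed25519_key`, and add a matching `HostKey` line to `sshd_config`. The `-a 48` added in the next hunk sets KDF rounds for passphrase protection and has no effect with `-N ""`. The `sh -c` body continues outside the hunk.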
diff --git a/Dockerfile-remote b/Dockerfile-remote index e00122d..6f21fa3 100644 --- a/Dockerfile-remote +++ b/Dockerfile-remote @@ -9,7 +9,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ # podman remote FROM podmanbuildbase AS podman-remote RUN apk add --update --no-cache curl -ARG PODMAN_VERSION=v4.8.3 +ARG PODMAN_VERSION=v4.9.2 RUN git clone -c advice.detachedHead=false --depth=1 --branch=${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman WORKDIR $GOPATH/src/github.com/containers/podman RUN make install.tools From aa03a31bdb1b3cec4f560d13b3d95239ae65114b Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Wed, 14 Feb 2024 12:45:00 -0600 Subject: [PATCH 64/92] Update sshd_config --- sshd_config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sshd_config b/sshd_config index 2be95ad..bedce20 100644 --- a/sshd_config +++ b/sshd_config @@ -9,7 +9,7 @@ AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no PubkeyAuthentication yes PermitRootLogin no -LoginGraceTime 2m +LoginGraceTime 1m MaxAuthTries 6 MaxSessions 10 From 1de0ad1ed4e41883332dc4254c9f5ec6e9c0fdcc Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 20:34:49 -0600 Subject: [PATCH 65/92] Removing unused rounds flag --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 18128c9..5e691f7 100644 --- a/Makefile +++ b/Makefile @@ -157,7 +157,7 @@ run-server: podman-ssh -w /build \ "${PODMAN_SSH_IMAGE}" \ sh -c 'set -x; \ - ssh-keygen -b 4096 -t rsa -a 48 -N "" -f /podman/.ssh/ssh_host_rsa_key; \ + ssh-keygen -b 4096 -t rsa -N "" -f /podman/.ssh/ssh_host_rsa_key; \ ssh-keygen -t ed25519 -N "" -f /podman/.ssh/ssh_host_ecdsa_key; \ [ -f /build/storage/user/client_rsa ] || ssh-keygen -b 4096 -t rsa -N "" -f /build/storage/user/client_rsa; \ cat /build/storage/user/client_rsa.pub > /podman/.ssh/authorized_keys; \ 
From 9156e97374002fbc4880bfbef74c03c90267a22d Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 20:39:28 -0600 Subject: [PATCH 66/92] Update Dockerfile-remote --- Dockerfile-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile-remote b/Dockerfile-remote index 6f21fa3..7f7b28c 100644 --- a/Dockerfile-remote +++ b/Dockerfile-remote @@ -9,7 +9,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ # podman remote FROM podmanbuildbase AS podman-remote RUN apk add --update --no-cache curl -ARG PODMAN_VERSION=v4.9.2 +ARG PODMAN_VERSION=v4.9.3 RUN git clone -c advice.detachedHead=false --depth=1 --branch=${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman WORKDIR $GOPATH/src/github.com/containers/podman RUN make install.tools From 393c4f45eef353e494088804f776f1c7e119b241 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 20:40:18 -0600 Subject: [PATCH 67/92] Update Dockerfile for 4.9.3 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 22ee409..44ba83e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,7 +30,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ FROM podmanbuildbase AS podman RUN apk add --update --no-cache tzdata curl -ARG PODMAN_VERSION=v4.9.2 +ARG PODMAN_VERSION=v4.9.3 ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp' ARG PODMAN_CGO=1 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman From cc5b9966d3ccae11ee0886ab5d9060223b2ebf4a Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 20:44:07 -0600 Subject: [PATCH 68/92] Host key generation step --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 5e691f7..d8f99a6 100644 --- a/Makefile +++ b/Makefile 
@@ -158,7 +158,8 @@ run-server: podman-ssh "${PODMAN_SSH_IMAGE}" \ sh -c 'set -x; \ ssh-keygen -b 4096 -t rsa -N "" -f /podman/.ssh/ssh_host_rsa_key; \ - ssh-keygen -t ed25519 -N "" -f /podman/.ssh/ssh_host_ecdsa_key; \ + ssh-keygen -b 581 -t dsa -N "" -f /podman/.ssh/ssh_host_ecdsa_key; \ + ssh-keygen -t ed25519 -N "" -f /podman/.ssh/ssh_host_ed25519_key; \ [ -f /build/storage/user/client_rsa ] || ssh-keygen -b 4096 -t rsa -N "" -f /build/storage/user/client_rsa; \ cat /build/storage/user/client_rsa.pub > /podman/.ssh/authorized_keys; \ /usr/sbin/sshd -eD -f ~/.ssh/sshd_config & \ From 750f9ee3591f5dccea14325dedb63cecc2465281 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 20:47:59 -0600 Subject: [PATCH 69/92] Update Makefile Determine if issues stem from version incompatibilities when build fail occurs in SQLite. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index d8f99a6..fe1dc43 100644 --- a/Makefile +++ b/Makefile @@ -147,7 +147,7 @@ run: $(PODMAN_IMAGE) /bin/sh clean: - $(DOCKER) run --rm -v "`pwd`:/work" alpine:3.18 rm -rf /work/build + $(DOCKER) run --rm -v "`pwd`:/work" alpine:3.19 rm -rf /work/build run-server: podman-ssh # TODO: make sshd log to stdout (while still ensuring that we know when it is available) From 21d4582d96dc7e537a6b64a60af1419a791c4807 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 20:56:22 -0600 Subject: [PATCH 70/92] sqlite3 compilation error --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 44ba83e..d530e35 100644 --- a/Dockerfile +++ b/Dockerfile 
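Review bot: `ssh-keygen -b 581 -t dsa … -f /podman/.ssh/ssh_host_ecdsa_key` cannot produce a usable host key, because ssh-keygen only accepts 1024-bit DSA keys and DSA host keys are disabled by default in current OpenSSH. The script runs under `set -x` without `-e`, so the failure is not fatal and sshd starts without that key. The file name and the line removed earlier in the series suggest ECDSA was intended: `ssh-keygen -b 521 -t ecdsa -N "" -f /podman/.ssh/ssh_host_ecdsa_key`. Adding `set -e` to the `sh -c` script would make a failed keygen stop the target. The `sh -c` body continues outside the hunk.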
@@ -23,7 +23,8 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ libseccomp-dev libseccomp-static libselinux-dev ostree-dev openssl iptables \ bash go-md2man # Hotfix for musl build failure https://github.com/mattn/go-sqlite3/issues/1164 -#RUN go get github.com/mattn/go-sqlite3 +# And https://github.com/mattn/go-sqlite3/issues/958 +RUN go get github.com/mattn/go-sqlite3@v1.14.22 # podman (without systemd support) From 565d58499e4ed65c82a0e590677cece31aa7e233 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 20:58:33 -0600 Subject: [PATCH 71/92] go-sqlite3 musl build in alpine --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d530e35..a096272 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ bash go-md2man # Hotfix for musl build failure https://github.com/mattn/go-sqlite3/issues/1164 # And https://github.com/mattn/go-sqlite3/issues/958 -RUN go get github.com/mattn/go-sqlite3@v1.14.22 +RUN go install github.com/mattn/go-sqlite3@v1.14.22 # podman (without systemd support) From ffa88c2f74cdc15d4c71a689062de5c4eb2da94a Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 21:01:17 -0600 Subject: [PATCH 72/92] Update Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index a096272..d9785de 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ RUN set -eux; \ # podman build base -FROM golang:1.21-alpine3.19 AS podmanbuildbase +FROM golang:1.21-alpine AS podmanbuildbase RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \ glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \ 
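Review bot: `RUN go get github.com/mattn/go-sqlite3@v1.14.22` runs in the `podmanbuildbase` stage outside any Go module, which the Go toolchain in this image rejects. Even if it succeeded, it would not change what podman compiles, since podman resolves go-sqlite3 from its own `go.mod` (and vendor tree, if it has one). The `go install …@v1.14.22` variant in the next commit fails for a different reason: go-sqlite3 is a library and not a `main` package. The `export CGO_CFLAGS="-D_LARGEFILE64_SOURCE"` already present in the podman stage is the workaround that reaches the real build, so I would drop this line.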
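Review bot: `FROM golang:1.21-alpine AS podmanbuildbase` drops the Alpine release from the tag, so the base image and every `apk add` package version now float with whatever the tag points to on the build day. Later commits widen this with `golang:1.21-alpine AS runc`, `FROM alpine` in Dockerfile-remote and `FROM alpine AS gpg`, where an untagged `alpine` means `latest`. For artifacts that the release workflow signs, keep at least `golang:1.21-alpine3.19` / `alpine:3.19`, ideally with a digest: `FROM alpine:3.19@sha256:<digest>`.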
@@ -24,7 +24,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ bash go-md2man # Hotfix for musl build failure https://github.com/mattn/go-sqlite3/issues/1164 # And https://github.com/mattn/go-sqlite3/issues/958 -RUN go install github.com/mattn/go-sqlite3@v1.14.22 +#RUN go get github.com/mattn/go-sqlite3@v1.14.22 # podman (without systemd support) From e4a673029716219fe3d94087f7dcf363c2d475bd Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 21:06:51 -0600 Subject: [PATCH 73/92] Update Dockerfile --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d9785de..bebde8f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ RUN apk add --no-cache gnupg # runc -FROM golang:1.21-alpine3.19 AS runc +FROM golang:1.21-alpine AS runc ARG RUNC_VERSION=v1.1.12 # Download runc binary release since static build doesn't work with musl libc anymore since 1.1.8, see https://github.com/opencontainers/runc/issues/3950 RUN set -eux; \ @@ -40,7 +40,8 @@ WORKDIR $GOPATH/src/github.com/containers/podman RUN set -ex; \ export CGO_ENABLED=$PODMAN_CGO; \ # Workaround for build failure https://github.com/mattn/go-sqlite3/issues/1164 (fixed in future go-sqlite3 release) - export CGO_CFLAGS="-D_LARGEFILE64_SOURCE"; \ + #export CGO_CFLAGS="-D_LARGEFILE64_SOURCE"; \ + go get github.com/mattn/go-sqlite3@v1.14.22 ; \ make bin/podman LDFLAGS_PODMAN="-s -w -extldflags '-static'" BUILDTAGS='${PODMAN_BUILDTAGS}'; \ mv bin/podman /usr/local/bin/podman; \ podman --help >/dev/null; \ From 4649a879150490d00a80c4aaddb9b0ce7e4c1e08 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 21:07:46 -0600 Subject: [PATCH 74/92] Update Dockerfile-remote --- Dockerfile-remote | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile-remote b/Dockerfile-remote index 7f7b28c..654b5f8 100644 --- a/Dockerfile-remote +++ b/Dockerfile-remote 
@@ -1,5 +1,5 @@ # podman build base -FROM golang:1.21-alpine3.19 AS podmanbuildbase +FROM golang:1.21-alpine AS podmanbuildbase RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \ glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \ @@ -21,6 +21,6 @@ RUN set -eux; \ podman --help >/dev/null; \ [ "$(ldd /usr/local/bin/podman-remote | wc -l)" -eq 0 ] || (ldd /usr/local/bin/podman-remote; false) -FROM alpine:3.19 +FROM alpine COPY --from=podman-remote /usr/local/bin /usr/local/bin RUN adduser -D podman-remote -h /podman -u 1000 From 6edb7f35c8e5435afbbabc9d3787e4eac26a6e08 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 21:10:29 -0600 Subject: [PATCH 75/92] Update Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index bebde8f..f06c6c0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Download gpg -FROM alpine:3.19 AS gpg +FROM alpine AS gpg RUN apk add --no-cache gnupg @@ -41,7 +41,7 @@ RUN set -ex; \ export CGO_ENABLED=$PODMAN_CGO; \ # Workaround for build failure https://github.com/mattn/go-sqlite3/issues/1164 (fixed in future go-sqlite3 release) #export CGO_CFLAGS="-D_LARGEFILE64_SOURCE"; \ - go get github.com/mattn/go-sqlite3@v1.14.22 ; \ + go get -mod=readonly github.com/mattn/go-sqlite3@v1.14.22 ; \ make bin/podman LDFLAGS_PODMAN="-s -w -extldflags '-static'" BUILDTAGS='${PODMAN_BUILDTAGS}'; \ mv bin/podman /usr/local/bin/podman; \ podman --help >/dev/null; \ From 69637404514962ead124597195649af4ab13b864 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 21:21:06 -0600 Subject: [PATCH 76/92] Update Dockerfile --- Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index f06c6c0..a57a2d3 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -40,14 +40,14 @@ WORKDIR $GOPATH/src/github.com/containers/podman RUN set -ex; \ export CGO_ENABLED=$PODMAN_CGO; \ # Workaround for build failure https://github.com/mattn/go-sqlite3/issues/1164 (fixed in future go-sqlite3 release) - #export CGO_CFLAGS="-D_LARGEFILE64_SOURCE"; \ - go get -mod=readonly github.com/mattn/go-sqlite3@v1.14.22 ; \ - make bin/podman LDFLAGS_PODMAN="-s -w -extldflags '-static'" BUILDTAGS='${PODMAN_BUILDTAGS}'; \ + export CGO_CFLAGS="-D_LARGEFILE64_SOURCE"; \ + make bin/podman CGO_CFLAGS="-D_LARGEFILE64_SOURCE" LDFLAGS_PODMAN="-s -w -extldflags '-static'" BUILDTAGS='${PODMAN_BUILDTAGS}'; \ mv bin/podman /usr/local/bin/podman; \ podman --help >/dev/null; \ ! ldd /usr/local/bin/podman RUN set -ex; \ - CGO_ENABLED=0 make bin/rootlessport BUILDFLAGS=" -mod=vendor -ldflags=\"-s -w -extldflags '-static'\""; \ + #go get github.com/mattn/go-sqlite3@v1.14.22 ; \ + CGO_ENABLED=0 make bin/rootlessport BUILDFLAGS=" -mod=vendor -D_LARGEFILE64_SOURCE -ldflags=\"-s -w -extldflags '-static'\""; \ mkdir -p /usr/local/lib/podman; \ mv bin/rootlessport /usr/local/lib/podman/rootlessport; \ ! ldd /usr/local/lib/podman/rootlessport @@ -158,7 +158,7 @@ RUN set -ex; \ # Build podman base image -FROM alpine:3.19 AS podmanbase +FROM alpine AS podmanbase LABEL maintainer="" RUN apk add --no-cache tzdata ca-certificates COPY --from=conmon /conmon/bin/conmon /usr/local/lib/podman/conmon From 7ae24cc97eb2597f5990f9e696c1b2bc7770c0ca Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 21:24:21 -0600 Subject: [PATCH 77/92] Update push.yml --- .github/workflows/push.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index a72a6ca..f0cf729 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -10,7 +10,7 @@ on: env: PODMAN_IMAGE: podman PODMAN_MINIMAL_IMAGE: podman-minimal - PODMAN_REMOTE_IMAGE: podman-remote + #PODMAN_REMOTE_IMAGE: podman-remote jobs: push: 
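Review bot: In the rootlessport `RUN`, `-D_LARGEFILE64_SOURCE` is placed inside `BUILDFLAGS`, but it is a C preprocessor define, not a `go build` flag. Assuming podman's Makefile passes `BUILDFLAGS` straight to `go build` (not visible here), the build would stop on an unknown flag, and with `CGO_ENABLED=0` no C code is compiled for this binary anyway. The line can stay as it was: `CGO_ENABLED=0 make bin/rootlessport BUILDFLAGS=" -mod=vendor -ldflags=\"-s -w -extldflags '-static'\""; \`. The `-cflags=\"-D_LARGEFILE64_SOURCE\"` variant in the later hunk has the same problem.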
@@ -63,7 +63,8 @@ jobs: # Expand tags: 1.2.3 -> 1 1.2 1.2.3 TAGS="$(echo "$TAGS" | sed -E -e 's/^((([0-9]+)\.[0-9]+)\.[0-9]+)$/\3 \2 \1/')" - for IMAGE in $PODMAN_REMOTE_IMAGE $PODMAN_IMAGE $PODMAN_MINIMAL_IMAGE; do + #for IMAGE in $PODMAN_REMOTE_IMAGE $PODMAN_IMAGE $PODMAN_MINIMAL_IMAGE; do + for IMAGE in $PODMAN_IMAGE $PODMAN_MINIMAL_IMAGE; do TAG_SUFFIX=$(echo $IMAGE | sed -E -e 's/^([^-]+)//') LATEST_TAG="$([ "$TAG_SUFFIX" ] && echo $TAG_SUFFIX | sed -E -e 's/^-//' || echo latest)" [ "$TAGS" == "main" ] && IMAGE_TAGS="$LATEST_TAG" || IMAGE_TAGS="$LATEST_TAG $TAGS" From 3b417dabaae75d39187b1ef44be99bad2bfe021a Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 21:27:27 -0600 Subject: [PATCH 78/92] Revert go 1.21 --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index a57a2d3..f5cf04b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ RUN apk add --no-cache gnupg # runc -FROM golang:1.21-alpine AS runc +FROM golang:1.20-alpine AS runc ARG RUNC_VERSION=v1.1.12 # Download runc binary release since static build doesn't work with musl libc anymore since 1.1.8, see https://github.com/opencontainers/runc/issues/3950 RUN set -eux; \ @@ -16,7 +16,7 @@ RUN set -eux; \ # podman build base -FROM golang:1.21-alpine AS podmanbuildbase +FROM golang:1.20-alpine AS podmanbuildbase RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \ glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \ 
@@ -47,7 +47,7 @@ RUN set -ex; \ ! ldd /usr/local/bin/podman RUN set -ex; \ #go get github.com/mattn/go-sqlite3@v1.14.22 ; \ - CGO_ENABLED=0 make bin/rootlessport BUILDFLAGS=" -mod=vendor -D_LARGEFILE64_SOURCE -ldflags=\"-s -w -extldflags '-static'\""; \ + CGO_ENABLED=0 make bin/rootlessport BUILDFLAGS=" -mod=vendor -cflags=\"-D_LARGEFILE64_SOURCE\" -ldflags=\"-s -w -extldflags '-static'\""; \ mkdir -p /usr/local/lib/podman; \ mv bin/rootlessport /usr/local/lib/podman/rootlessport; \ ! ldd /usr/local/lib/podman/rootlessport From 94fd5d22c91f3c224633f683b4341b39a97b55cb Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 21:29:47 -0600 Subject: [PATCH 79/92] Revert go 1.21 --- Dockerfile-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile-remote b/Dockerfile-remote index 654b5f8..75ea076 100644 --- a/Dockerfile-remote +++ b/Dockerfile-remote @@ -1,5 +1,5 @@ # podman build base -FROM golang:1.21-alpine AS podmanbuildbase +FROM golang:1.20-alpine AS podmanbuildbase RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \ glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \ From 2f8c27e81cd4760fce6710d0e0786eed67da0fd3 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 21:31:02 -0600 Subject: [PATCH 80/92] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f5cf04b..293802d 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -47,7 +47,7 @@ RUN set -ex; \ ! ldd /usr/local/bin/podman RUN set -ex; \ #go get github.com/mattn/go-sqlite3@v1.14.22 ; \ - CGO_ENABLED=0 make bin/rootlessport BUILDFLAGS=" -mod=vendor -cflags=\"-D_LARGEFILE64_SOURCE\" -ldflags=\"-s -w -extldflags '-static'\""; \ + CGO_ENABLED=0 make bin/rootlessport BUILDFLAGS=" -mod=vendor -ldflags=\"-s -w -extldflags '-static'\""; \ mkdir -p /usr/local/lib/podman; \ mv bin/rootlessport /usr/local/lib/podman/rootlessport; \ ! ldd /usr/local/lib/podman/rootlessport From 6205a20bc2ffcfae1b32bf26748ebdefb4a244b2 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 2 Mar 2024 21:46:08 -0600 Subject: [PATCH 81/92] Revert (#6) --- Dockerfile | 17 +++++++++-------- Dockerfile-remote | 4 ++-- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 293802d..4f9c502 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ # Download gpg -FROM alpine AS gpg +FROM alpine:3.18 AS gpg RUN apk add --no-cache gnupg # runc -FROM golang:1.20-alpine AS runc +FROM golang:1.21-alpine3.18 AS runc ARG RUNC_VERSION=v1.1.12 # Download runc binary release since static build doesn't work with musl libc anymore since 1.1.8, see https://github.com/opencontainers/runc/issues/3950 RUN set -eux; \ @@ -16,7 +16,7 @@ RUN set -eux; \ # podman build base -FROM golang:1.20-alpine AS podmanbuildbase +FROM golang:1.21-alpine3.18 AS podmanbuildbase RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \ glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \ 
@@ -39,14 +39,15 @@ RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION WORKDIR $GOPATH/src/github.com/containers/podman RUN set -ex; \ export CGO_ENABLED=$PODMAN_CGO; \ - # Workaround for build failure https://github.com/mattn/go-sqlite3/issues/1164 (fixed in future go-sqlite3 release) - export CGO_CFLAGS="-D_LARGEFILE64_SOURCE"; \ - make bin/podman CGO_CFLAGS="-D_LARGEFILE64_SOURCE" LDFLAGS_PODMAN="-s -w -extldflags '-static'" BUILDTAGS='${PODMAN_BUILDTAGS}'; \ + # Workaround for build failure https://github.com/mattn/go-sqlite3/issues/1164 (fixed in future go-sqlite3 release + #export CGO_CFLAGS="-D_LARGEFILE64_SOURCE"; \ + #go get github.com/mattn/go-sqlite3@v1.14.22 ; \ + make bin/podman LDFLAGS_PODMAN="-s -w -extldflags '-static'" BUILDTAGS='${PODMAN_BUILDTAGS}'; \ mv bin/podman /usr/local/bin/podman; \ podman --help >/dev/null; \ ! ldd /usr/local/bin/podman RUN set -ex; \ - #go get github.com/mattn/go-sqlite3@v1.14.22 ; \ + #go get github.com/mattn/go-sqlite3@v1.14.22 ; \ CGO_ENABLED=0 make bin/rootlessport BUILDFLAGS=" -mod=vendor -ldflags=\"-s -w -extldflags '-static'\""; \ mkdir -p /usr/local/lib/podman; \ mv bin/rootlessport /usr/local/lib/podman/rootlessport; \ @@ -158,7 +159,7 @@ RUN set -ex; \ # Build podman base image -FROM alpine AS podmanbase +FROM alpine:3.18 AS podmanbase LABEL maintainer="" RUN apk add --no-cache tzdata ca-certificates COPY --from=conmon /conmon/bin/conmon /usr/local/lib/podman/conmon diff --git a/Dockerfile-remote b/Dockerfile-remote index 75ea076..0881515 100644 --- a/Dockerfile-remote +++ b/Dockerfile-remote @@ -1,5 +1,5 @@ # podman build base -FROM golang:1.20-alpine AS podmanbuildbase +FROM golang:1.21-alpine3.18 AS podmanbuildbase RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \ glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \ 
@@ -21,6 +21,6 @@ RUN set -eux; \ podman --help >/dev/null; \ [ "$(ldd /usr/local/bin/podman-remote | wc -l)" -eq 0 ] || (ldd /usr/local/bin/podman-remote; false) -FROM alpine +FROM alpine:3.18 COPY --from=podman-remote /usr/local/bin /usr/local/bin RUN adduser -D podman-remote -h /podman -u 1000 From 3e11d2c35f58e2b66e639f74af95ce7957a592ea Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Mon, 25 Mar 2024 00:14:38 -0500 Subject: [PATCH 82/92] Update Podman version to v5.0.0 --- Dockerfile | 65 ++++++++++++++++++++++------------------------- Dockerfile-remote | 2 +- 2 files changed, 31 insertions(+), 36 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4f9c502..67c1c41 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,16 +22,13 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \ libseccomp-dev libseccomp-static libselinux-dev ostree-dev openssl iptables \ bash go-md2man -# Hotfix for musl build failure https://github.com/mattn/go-sqlite3/issues/1164 -# And https://github.com/mattn/go-sqlite3/issues/958 -#RUN go get github.com/mattn/go-sqlite3@v1.14.22 # podman (without systemd support) FROM podmanbuildbase AS podman RUN apk add --update --no-cache tzdata curl -ARG PODMAN_VERSION=v4.9.3 +ARG PODMAN_VERSION=v5.0.0 ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp' ARG PODMAN_CGO=1 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman 
@@ -39,15 +36,11 @@ RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION WORKDIR $GOPATH/src/github.com/containers/podman RUN set -ex; \ export CGO_ENABLED=$PODMAN_CGO; \ - # Workaround for build failure https://github.com/mattn/go-sqlite3/issues/1164 (fixed in future go-sqlite3 release - #export CGO_CFLAGS="-D_LARGEFILE64_SOURCE"; \ - #go get github.com/mattn/go-sqlite3@v1.14.22 ; \ make bin/podman LDFLAGS_PODMAN="-s -w -extldflags '-static'" BUILDTAGS='${PODMAN_BUILDTAGS}'; \ mv bin/podman /usr/local/bin/podman; \ podman --help >/dev/null; \ ! ldd /usr/local/bin/podman RUN set -ex; \ - #go get github.com/mattn/go-sqlite3@v1.14.22 ; \ CGO_ENABLED=0 make bin/rootlessport BUILDFLAGS=" -mod=vendor -ldflags=\"-s -w -extldflags '-static'\""; \ mkdir -p /usr/local/lib/podman; \ mv bin/rootlessport /usr/local/lib/podman/rootlessport; \ 
@@ -68,31 +61,32 @@ RUN set -ex; \ # CNI network backend and Cgroups V1 are deprecated +# https://github.com/containers/podman/blob/main/docs/source/markdown/podman-network.1.md # CNI plugins (removed in podman 5.0 and replaced by netavark) -FROM podmanbuildbase AS cniplugins -ARG CNI_PLUGIN_VERSION=v1.4.0 -ARG CNI_PLUGINS="ipam/host-local main/loopback main/bridge meta/portmap meta/tuning meta/firewall" -RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${CNI_PLUGIN_VERSION} https://github.com/containernetworking/plugins /go/src/github.com/containernetworking/plugins -WORKDIR /go/src/github.com/containernetworking/plugins -RUN set -ex; \ - for PLUGINDIR in $CNI_PLUGINS; do \ - PLUGINBIN=/usr/local/lib/cni/$(basename $PLUGINDIR); \ - CGO_ENABLED=0 go build -o $PLUGINBIN -ldflags "-s -w -extldflags '-static'" ./plugins/$PLUGINDIR; \ - ! ldd $PLUGINBIN; \ - done +#FROM podmanbuildbase AS cniplugins +#ARG CNI_PLUGIN_VERSION=v1.4.0 +#ARG CNI_PLUGINS="ipam/host-local main/loopback main/bridge meta/portmap meta/tuning meta/firewall" +#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${CNI_PLUGIN_VERSION} https://github.com/containernetworking/plugins /go/src/github.com/containernetworking/plugins +#WORKDIR /go/src/github.com/containernetworking/plugins +#RUN set -ex; \ +# for PLUGINDIR in $CNI_PLUGINS; do \ +# PLUGINBIN=/usr/local/lib/cni/$(basename $PLUGINDIR); \ +# CGO_ENABLED=0 go build -o $PLUGINBIN -ldflags "-s -w -extldflags '-static'" ./plugins/$PLUGINDIR; \ +# ! 
ldd $PLUGINBIN; \ +# done # netavark -#FROM podmanbuildbase AS netavark -##RUN apk add --update --no-cache tzdata curl rust cargo -#RUN apk add --update --no-cache rust cargo -#ARG NETAVARK_VERSION=v1.9.0 -#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION} https://github.com/containers/netavark /netavark -##RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark -#WORKDIR /netavark -#RUN set -ex; \ -# make build_netavark -## make +FROM podmanbuildbase AS netavark +#RUN apk add --update --no-cache tzdata curl rust cargo +RUN apk add --update --no-cache rust cargo +ARG NETAVARK_VERSION=v1.10.3 +RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION} https://github.com/containers/netavark /netavark +#RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${NETAVARK_VERSION:-$(curl -s https://api.github.com/repos/containers/netavark/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/netavark /netavark +WORKDIR /netavark +RUN set -ex; \ + make build_netavark +# make # slirp4netns @@ -110,7 +104,7 @@ RUN set -ex; \ ninja -C build install # Build slirp4netns WORKDIR / -ARG SLIRP4NETNS_VERSION=v1.2.2 +ARG SLIRP4NETNS_VERSION=v1.2.3 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${SLIRP4NETNS_VERSION} https://github.com/rootless-containers/slirp4netns.git #RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${SLIRP4NETNS_VERSION:-$(curl -s https://api.github.com/repos/rootless-containers/slirp4netns/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/rootless-containers/slirp4netns.git WORKDIR /slirp4netns 
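Review bot: The newly enabled netavark stage clones `--branch=${NETAVARK_VERSION}` and builds it with no integrity check, while the crun stage in the same file fetches a detached `.asc` signature next to its binary. A tag can be moved upstream, so the stage should record the expected commit and compare it after the clone, e.g. `ARG NETAVARK_COMMIT=<commit-sha-placeholder>` followed by `RUN test "$(git -C /netavark rev-parse HEAD)" = "$NETAVARK_COMMIT"`. The stage also lacks the `! ldd …` assertion that the podman and rootlessport steps use, so a dynamically linked `bin/netavark` would go unnoticed; adding `! ldd bin/netavark` after `make build_netavark` would keep it consistent with them.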
@@ -192,9 +186,10 @@ FROM rootlesspodmanbase AS rootlesspodmanrunc COPY --from=runc /usr/local/bin/runc /usr/local/bin/runc # Download crun -# (switched keyserver from sks to ubuntu since sks is offline now and gpg refuses to import keys from keys.openpgp.org because it does not provide a user ID with the key.) +# (switched keyserver from sks to ubuntu since sks is offline now +# and gpg refuses to import keys from keys.openpgp.org because it does not provide a user ID with the key.) FROM gpg AS crun -ARG CRUN_VERSION=1.14 +ARG CRUN_VERSION=1.14.4 RUN set -ex; \ wget -O /usr/local/bin/crun https://github.com/containers/crun/releases/download/$CRUN_VERSION/crun-${CRUN_VERSION}-linux-amd64-disable-systemd; \ wget -O /tmp/crun.asc https://github.com/containers/crun/releases/download/$CRUN_VERSION/crun-${CRUN_VERSION}-linux-amd64-disable-systemd.asc; \ @@ -212,7 +207,7 @@ COPY conf/crun-containers.conf /etc/containers/containers.conf FROM rootlesspodmanrunc AS podmanall RUN apk add --no-cache iptables ip6tables COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns -COPY --from=cniplugins /usr/local/lib/cni /usr/local/lib/cni -#COPY --from=netavark /netavark/bin/netavark /usr/local/bin/netavark +#COPY --from=cniplugins /usr/local/lib/cni /usr/local/lib/cni +COPY --from=netavark /netavark/bin/netavark /usr/local/bin/netavark COPY --from=catatonit /catatonit/catatonit /usr/local/lib/podman/catatonit -COPY conf/cni /etc/cni +#COPY conf/cni /etc/cni diff --git a/Dockerfile-remote b/Dockerfile-remote index 0881515..7782bb4 100644 --- a/Dockerfile-remote +++ b/Dockerfile-remote 
@@ -9,7 +9,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ # podman remote FROM podmanbuildbase AS podman-remote RUN apk add --update --no-cache curl -ARG PODMAN_VERSION=v4.9.3 +ARG PODMAN_VERSION=v5.0.0 RUN git clone -c advice.detachedHead=false --depth=1 --branch=${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman WORKDIR $GOPATH/src/github.com/containers/podman RUN make install.tools From a2ce6be9db8b1baf89f0c950a4fd50fb15e05eb0 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Mon, 1 Apr 2024 23:24:23 -0500 Subject: [PATCH 83/92] netavark path and readme updating. --- Dockerfile | 2 +- README.md | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 67c1c41..66fb677 100644 --- a/Dockerfile +++ b/Dockerfile @@ -208,6 +208,6 @@ FROM rootlesspodmanrunc AS podmanall RUN apk add --no-cache iptables ip6tables COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns #COPY --from=cniplugins /usr/local/lib/cni /usr/local/lib/cni -COPY --from=netavark /netavark/bin/netavark /usr/local/bin/netavark +COPY --from=netavark /netavark/bin/netavark /usr/local/lib/podman/netavark COPY --from=catatonit /catatonit/catatonit /usr/local/lib/podman/catatonit #COPY conf/cni /etc/cni diff --git a/README.md b/README.md index a039c05..84c747c 100644 --- a/README.md +++ b/README.md 
@@ -6,7 +6,8 @@ This project provides alpine-based podman container images and statically linked * [conmon](https://github.com/containers/conmon) * [fuse-overlayfs](https://github.com/containers/fuse-overlayfs) and [libfuse](https://github.com/libfuse/libfuse) * [slirp4netns](https://github.com/rootless-containers/slirp4netns) (with [libslirp](https://gitlab.freedesktop.org/slirp/libslirp)) -* [CNI plugins](https://github.com/containernetworking/plugins): loopback, bridge, host-local, portmap, firewall, tuning +* [Netavark](https://github.com/containers/netavark): container network stack and default in podman 5 or later +~* [CNI plugins](https://github.com/containernetworking/plugins): loopback, bridge, host-local, portmap, firewall, tuning~ * [catatonit](https://github.com/openSUSE/catatonit) CNI may be replaced. See also: [Podman Networking Docs](https://docs.podman.io/en/latest/markdown/podman-network.1.html) @@ -17,7 +18,7 @@ The following image tags are supported: | Tag | Description | | --- | ----------- | -| `latest`, `` | podman with both rootless and rootful dependencies: runc, conmon, fuse-overlayfs, slirp4netns, CNI plugins, catatonit. | +| `latest`, `` | podman with both rootless and rootful dependencies: runc, conmon, fuse-overlayfs, slirp4netns, netavark, ~CNI plugins~, catatonit. | | `minimal`, `-minimal` | podman, crun, fuse-overlayfs and conmon binaries, configured to use the host's existing namespaces (low isolation level). | | `remote`, `-remote` | the podman remote binary. | 
@@ -75,6 +76,8 @@ The following binaries should be installed on your host: * `nsenter` * `uidmap` (for rootless mode) +[nftables](https://netfilter.org/projects/nftables/) (with or without optional iptables-nft wrapper) to be included in the future [WIP](https://github.com/containers/netavark/pull/883) + In order to run rootless containers that use multiple uids/gids you may want to set up a uid/gid mapping for your user on your host: ``` sudo sh -c "echo $(id -un):100000:200000 >> /etc/subuid" @@ -82,7 +85,7 @@ sudo sh -c "echo $(id -gn):100000:200000 >> /etc/subgid" ``` _Please make sure you don't add the mapping multiple times._ -To support applications that use the `docker` command you may want to link it to `podman` as follows: +For support applications that rely on the `docker` command one quick option is to link `podman` as follows: ```sh sudo ln -s /usr/local/bin/podman /usr/local/bin/docker ``` From 1a105505e8cc20992b39c0b703b0d12d6bd2f1c4 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Wed, 1 May 2024 19:12:30 -0500 Subject: [PATCH 84/92] Update Dockerfile 5.0.2 --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 66fb677..b1791f2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,7 +28,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ FROM podmanbuildbase AS podman RUN apk add --update --no-cache tzdata curl -ARG PODMAN_VERSION=v5.0.0 +ARG PODMAN_VERSION=v5.0.2 ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp' ARG PODMAN_CGO=1 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman 
@@ -51,7 +51,7 @@ RUN set -ex; \ FROM podmanbuildbase AS conmon #RUN apk add --update --no-cache tzdata curl -ARG CONMON_VERSION=v2.1.10 +ARG CONMON_VERSION=v2.1.11 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${CONMON_VERSION} https://github.com/containers/conmon.git /conmon #RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${CONMON_VERSION:-$(curl -s https://api.github.com/repos/containers/conmon/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/containers/conmon.git /conmon WORKDIR /conmon @@ -104,7 +104,7 @@ RUN set -ex; \ ninja -C build install # Build slirp4netns WORKDIR / -ARG SLIRP4NETNS_VERSION=v1.2.3 +ARG SLIRP4NETNS_VERSION=v1.3.0 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${SLIRP4NETNS_VERSION} https://github.com/rootless-containers/slirp4netns.git #RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${SLIRP4NETNS_VERSION:-$(curl -s https://api.github.com/repos/rootless-containers/slirp4netns/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/rootless-containers/slirp4netns.git WORKDIR /slirp4netns From 011163de48065e5f2bc2b97868ad72a387fcf043 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 4 May 2024 04:06:01 -0500 Subject: [PATCH 85/92] Update Dockerfile --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b1791f2..64c52c8 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -208,6 +208,7 @@ FROM rootlesspodmanrunc AS podmanall RUN apk add --no-cache iptables ip6tables COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns #COPY --from=cniplugins /usr/local/lib/cni /usr/local/lib/cni -COPY --from=netavark /netavark/bin/netavark /usr/local/lib/podman/netavark +#COPY --from=netavark /netavark/bin/netavark /usr/local/lib/podman/netavark +COPY --from=netavark /netavark/bin/netavark /usr/local/bin/podman/netavark COPY --from=catatonit /catatonit/catatonit /usr/local/lib/podman/catatonit #COPY conf/cni /etc/cni From 4169abc3aeb8aa0aa1cfdfd58d73b9a58683ceb4 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 4 May 2024 04:12:21 -0500 Subject: [PATCH 86/92] Update Dockerfile --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 64c52c8..b1791f2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -208,7 +208,6 @@ FROM rootlesspodmanrunc AS podmanall RUN apk add --no-cache iptables ip6tables COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns #COPY --from=cniplugins /usr/local/lib/cni /usr/local/lib/cni -#COPY --from=netavark /netavark/bin/netavark /usr/local/lib/podman/netavark -COPY --from=netavark /netavark/bin/netavark /usr/local/bin/podman/netavark +COPY --from=netavark /netavark/bin/netavark /usr/local/lib/podman/netavark COPY --from=catatonit /catatonit/catatonit /usr/local/lib/podman/catatonit #COPY conf/cni /etc/cni From fb116ac50d819eccdfc3b2d9ed3cb13f1596a1de Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Tue, 14 May 2024 14:55:30 -0500 Subject: [PATCH 87/92] MacOS Build preview (#7) * Update release.yml * Array runs on --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8aaafd2..a464304 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -17,7 +17,7 @@ env: jobs: push: - runs-on: ubuntu-latest + runs-on: [ubuntu-latest, macos-13] # if: github.event_name == 'push' steps: From 21a21e6ccfc1b41db1db6accd4ca0486e733a835 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Tue, 14 May 2024 15:22:30 -0500 Subject: [PATCH 88/92] Matrix OS strategy. More changes to follow for action compat. (#8) --- .github/workflows/release.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a464304..25cfb17 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,11 @@ env: jobs: push: - runs-on: [ubuntu-latest, macos-13] + #runs-on: ubuntu-latest + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-latest, macos-latest] # if: github.event_name == 'push' steps: From 69209affe5b7fe9bdf3a0ad234a7c197dac70a54 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Tue, 14 May 2024 15:36:43 -0500 Subject: [PATCH 89/92] Revert "Matrix OS strategy. More changes to follow for action compat. (#8)" (#9) This reverts commit 21a21e6ccfc1b41db1db6accd4ca0486e733a835. --- .github/workflows/release.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 25cfb17..a464304 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,11 +17,7 @@ env: jobs: push: - #runs-on: ubuntu-latest - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [ubuntu-latest, macos-latest] + runs-on: [ubuntu-latest, macos-13] # if: github.event_name == 'push' steps: From b923b937af02657884d3b045675d637c38207809 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Tue, 14 May 2024 15:37:10 -0500 Subject: [PATCH 90/92] Revert "MacOS Build preview (#7)" (#10) This reverts commit fb116ac50d819eccdfc3b2d9ed3cb13f1596a1de. --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
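Review bot: `runs-on: [ubuntu-latest, macos-13]` in the first hunk does not run the job on both systems: an array of labels selects a runner that carries all of them, and no GitHub-hosted runner has both, so the release job would stay queued. The matrix form in the following hunk does fan the job out, but this workflow passes `GPG_SIGN_KEY` to a step (visible earlier in the series), so every matrix leg would receive the signing key. If a second OS is added, the signing and publishing steps should be limited to one leg, e.g. `if: matrix.os == 'ubuntu-latest'`, and that should be documented in a comment next to the matrix.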
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a464304..8aaafd2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ env: jobs: push: - runs-on: [ubuntu-latest, macos-13] + runs-on: ubuntu-latest # if: github.event_name == 'push' steps: From 948857660c7cfbebc229f243cac23df8476591ee Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Tue, 14 May 2024 15:47:23 -0500 Subject: [PATCH 91/92] Imminent podman version 5.0.3 build --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index b1791f2..8a35579 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,7 +28,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \ FROM podmanbuildbase AS podman RUN apk add --update --no-cache tzdata curl -ARG PODMAN_VERSION=v5.0.2 +ARG PODMAN_VERSION=v5.0.3 ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp' ARG PODMAN_CGO=1 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman @@ -94,7 +94,7 @@ FROM podmanbuildbase AS slirp4netns WORKDIR / RUN apk add --update --no-cache autoconf automake meson ninja linux-headers libcap-static libcap-dev clang llvm # Build libslirp -ARG LIBSLIRP_VERSION=v4.7.0 +ARG LIBSLIRP_VERSION=v4.8.0 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${LIBSLIRP_VERSION} https://gitlab.freedesktop.org/slirp/libslirp.git WORKDIR /libslirp RUN set -ex; \ 
@@ -104,7 +104,7 @@ RUN set -ex; \ ninja -C build install # Build slirp4netns WORKDIR / -ARG SLIRP4NETNS_VERSION=v1.3.0 +ARG SLIRP4NETNS_VERSION=v1.3.1 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${SLIRP4NETNS_VERSION} https://github.com/rootless-containers/slirp4netns.git #RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${SLIRP4NETNS_VERSION:-$(curl -s https://api.github.com/repos/rootless-containers/slirp4netns/releases/latest | grep tag_name | cut -d '"' -f 4)} https://github.com/rootless-containers/slirp4netns.git WORKDIR /slirp4netns @@ -189,7 +189,7 @@ COPY --from=runc /usr/local/bin/runc /usr/local/bin/runc # (switched keyserver from sks to ubuntu since sks is offline now # and gpg refuses to import keys from keys.openpgp.org because it does not provide a user ID with the key.) FROM gpg AS crun -ARG CRUN_VERSION=1.14.4 +ARG CRUN_VERSION=1.15 RUN set -ex; \ wget -O /usr/local/bin/crun https://github.com/containers/crun/releases/download/$CRUN_VERSION/crun-${CRUN_VERSION}-linux-amd64-disable-systemd; \ wget -O /tmp/crun.asc https://github.com/containers/crun/releases/download/$CRUN_VERSION/crun-${CRUN_VERSION}-linux-amd64-disable-systemd.asc; \ From 08bba8306127e4a2a799c7d0e996ed6a0c47a277 Mon Sep 17 00:00:00 2001 From: Trent Apple Date: Sat, 18 May 2024 13:17:33 -0500 Subject: [PATCH 92/92] Delete conf/cni/net.d directory --- conf/cni/net.d/87-podman-bridge.conflist | 31 ------------------------ 1 file changed, 31 deletions(-) delete mode 100644 conf/cni/net.d/87-podman-bridge.conflist diff --git a/conf/cni/net.d/87-podman-bridge.conflist b/conf/cni/net.d/87-podman-bridge.conflist deleted file mode 100644 index 8ee747e..0000000 --- a/conf/cni/net.d/87-podman-bridge.conflist +++ /dev/null 
@@ -1,31 +0,0 @@ -{ - "cniVersion": "0.4.0", - "name": "podman", - "plugins": [ - { - "type": "bridge", - "bridge": "cni-podman0", - "isGateway": true, - "ipMasq": true, - "hairpinMode": true, - "ipam": { - "type": "host-local", - "routes": [{ "dst": "0.0.0.0/0" }], - "ranges": [ - [ - { - "subnet": "10.88.0.0/16", - "gateway": "10.88.0.1" - } - ] - ] - } - }, - { - "type": "portmap", - "capabilities": { - "portMappings": true - } - } - ] -}