Commit 02f92550 authored by zowoq's avatar zowoq

podman: remove wrapper

trying to get all of the podman functionality to work with the wrapper
is becoming more complicated with each release; it isn't sustainable

removing the wrapper does mean that using extraPackages will need to build from source

- include pkgs.zfs by default in the wrapped podman used by the module so it is cached
  - anyone using zfsUnstable will need to build from source

- remove unnecessary serviceConfig overrides

- set HELPER_BINARIES_DIR during build

- use install.bin target on linux for podman/tmpfiles
  - also installs quadlet/rootlessport in libexec

- remove unnecessary rootlessport output

- remove unnecessary substituteInPlace
parent 04b9fcca
+2 −9
@@ -9,7 +9,8 @@ let
    extraPackages = cfg.extraPackages
      # setuid shadow
      ++ [ "/run/wrappers" ]
      ++ lib.optional (builtins.elem "zfs" config.boot.supportedFilesystems) config.boot.zfs.package;
      # include pkgs.zfs by default in the wrapped podman used by the module so it is cached
      ++ (if (builtins.elem "zfs" config.boot.supportedFilesystems) then [ config.boot.zfs.package ] else [ pkgs.zfs ]);
  });

  # Provides a fake "docker" binary mapping to podman
@@ -183,10 +184,6 @@ in

      systemd.packages = [ cfg.package ];

      systemd.services.podman.serviceConfig = {
        ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ];
      };

      systemd.services.podman-prune = {
        description = "Prune podman resources";

@@ -207,10 +204,6 @@ in
      systemd.sockets.podman.wantedBy = [ "sockets.target" ];
      systemd.sockets.podman.socketConfig.SocketGroup = "podman";

      systemd.user.services.podman.serviceConfig = {
        ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ];
      };

      systemd.user.sockets.podman.wantedBy = [ "sockets.target" ];

      systemd.tmpfiles.packages = [
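Review bot: The new default on line 37 puts `pkgs.zfs` on the wrapped podman's PATH and in its closure for every host, including ones without zfs in `boot.supportedFilesystems`; the comment on line 36 gives the caching motive but not that the extra userland is intentional on non-zfs hosts, so I would extend it: `# include pkgs.zfs by default (even without zfs in supportedFilesystems) so the module's wrapped podman matches the cached build`. Hosts that do enable zfs still take `config.boot.zfs.package`, so a non-default zfs package rebuilds podman from source, as the commit message notes. Stylistically the `lib.optional` it replaces could stay a single list element: `++ [ (if builtins.elem "zfs" config.boot.supportedFilesystems then config.boot.zfs.package else pkgs.zfs) ]`. The `extraPackages` attribute belongs to an override expression whose opening is above this hunk and which closes at `});`.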
+57 −16
@@ -14,8 +14,52 @@
, go-md2man
, nixosTests
, python3
, makeWrapper
, symlinkJoin
, extraPackages ? [ ]
, runc
, crun
, conmon
, slirp4netns
, fuse-overlayfs
, util-linux
, iptables
, iproute2
, catatonit
, gvproxy
, aardvark-dns
, netavark
, testers
, podman
}:
let
  # do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed

  binPath = lib.makeBinPath ([
  ] ++ lib.optionals stdenv.isLinux [
    runc
    crun
    conmon
    slirp4netns
    fuse-overlayfs
    util-linux
    iptables
    iproute2
  ] ++ extraPackages);

  helpersBin = symlinkJoin {
    name = "podman-helper-binary-wrapper";

    # this only works for some binaries, others may need to be be added to `binPath` or in the modules
    paths = [
      gvproxy
    ] ++ lib.optionals stdenv.isLinux [
      aardvark-dns
      catatonit # added here for the pause image and also set in `containersConf` for `init_path`
      netavark
    ];
  };
in
buildGoModule rec {
  pname = "podman";
  version = "4.4.1";
@@ -36,9 +80,9 @@ buildGoModule rec {

  doCheck = false;

  outputs = [ "out" "man" ] ++ lib.optionals stdenv.isLinux [ "rootlessport" ];
  outputs = [ "out" "man" ];

  nativeBuildInputs = [ pkg-config go-md2man installShellFiles python3 ];
  nativeBuildInputs = [ pkg-config go-md2man installShellFiles makeWrapper python3 ];

  buildInputs = lib.optionals stdenv.isLinux [
    btrfs-progs
@@ -50,13 +94,16 @@ buildGoModule rec {
    systemd
  ];

  HELPER_BINARIES_DIR = "${helpersBin}/bin";
  PREFIX = "${placeholder "out"}";

  buildPhase = ''
    runHook preBuild
    patchShebangs .
    ${if stdenv.isDarwin then ''
      make podman-remote # podman-mac-helper uses FHS paths
    '' else ''
      make bin/podman bin/rootlessport
      make bin/podman bin/rootlessport bin/quadlet
    ''}
    make docs
    runHook postBuild
@@ -64,26 +111,20 @@ buildGoModule rec {

  installPhase = ''
    runHook preInstall
    mkdir -p {$out/{bin,etc,lib,share},$man} # ensure paths exist for the wrapper
    ${if stdenv.isDarwin then ''
      mv bin/{darwin/podman,podman}
      install bin/darwin/podman -Dt $out/bin
    '' else ''
      install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d
      for s in contrib/systemd/**/*.in; do
        substituteInPlace "$s" --replace "@@PODMAN@@" "podman" # don't use unwrapped binary
      done
      PREFIX=$out make install.systemd
      install -Dm555 bin/rootlessport -t $rootlessport/bin
      make install.bin install.systemd
    ''}
    install -Dm555 bin/podman -t $out/bin
    PREFIX=$out make install.completions
    MANDIR=$man/share/man make install.man
    make install.completions install.man
    wrapProgram $out/bin/podman \
      --prefix PATH : ${lib.escapeShellArg binPath}
    runHook postInstall
  '';

  postFixup = lib.optionalString stdenv.isLinux ''
    RPATH=$(patchelf --print-rpath $out/bin/podman)
    patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/podman
    RPATH=$(patchelf --print-rpath $out/bin/.podman-wrapped)
    patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/.podman-wrapped
  '';

  passthru.tests = {
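Review bot: `HELPER_BINARIES_DIR` on line 134 points only at `helpersBin`, whose `paths` (lines 106–112) no longer list rootlessport, while `make install.bin` on line 163 now places rootlessport and quadlet under `$out/libexec/podman` according to the commit message; nothing in these hunks shows podman being told about that directory, so whether rootless networking still locates rootlessport depends on podman's built-in lookup paths, which I cannot confirm from here. A comment next to line 134 would spare the next reader the same question, e.g. `# helpers podman resolves by name; rootlessport/quadlet are installed to $out/libexec/podman by install.bin`. Lines 177–178 patch `.podman-wrapped` because `$out/bin/podman` is now the shell wrapper produced by `wrapProgram` on line 169, not the ELF; that coupling to makeWrapper's renaming convention deserves a one-line comment as well. The `buildGoModule rec {` attribute set begins and ends outside the visible hunks.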
+0 −78
{ podman-unwrapped
, runCommand
, makeWrapper
, symlinkJoin
, lib
, stdenv
, extraPackages ? []
, runc # Default container runtime
, crun # Container runtime (default with cgroups v2 for podman/buildah)
, conmon # Container runtime monitor
, slirp4netns # User-mode networking for unprivileged namespaces
, fuse-overlayfs # CoW for images, much faster than default vfs
, util-linux # nsenter
, iptables
, iproute2
, catatonit
, gvproxy
, aardvark-dns
, netavark
}:

# do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed

let
  binPath = lib.makeBinPath ([
  ] ++ lib.optionals stdenv.isLinux [
    runc
    crun
    conmon
    slirp4netns
    fuse-overlayfs
    util-linux
    iptables
    iproute2
  ] ++ extraPackages);

  helpersBin = symlinkJoin {
    name = "${podman-unwrapped.pname}-helper-binary-wrapper-${podman-unwrapped.version}";

    # this only works for some binaries, others may need to be be added to `binPath` or in the modules
    paths = [
      gvproxy
    ] ++ lib.optionals stdenv.isLinux [
      aardvark-dns
      catatonit # added here for the pause image and also set in `containersConf` for `init_path`
      netavark
      podman-unwrapped.rootlessport
    ];
  };

in runCommand podman-unwrapped.name {
  name = "${podman-unwrapped.pname}-wrapper-${podman-unwrapped.version}";
  inherit (podman-unwrapped) pname version passthru;

  preferLocalBuild = true;

  meta = builtins.removeAttrs podman-unwrapped.meta [ "outputsToInstall" ];

  outputs = [
    "out"
    "man"
  ];

  nativeBuildInputs = [
    makeWrapper
  ];

} ''
  ln -s ${podman-unwrapped.man} $man

  mkdir -p $out/bin
  ln -s ${podman-unwrapped}/etc $out/etc
  ln -s ${podman-unwrapped}/lib $out/lib
  ln -s ${podman-unwrapped}/share $out/share
  makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \
    --set CONTAINERS_HELPER_BINARY_DIR ${helpersBin}/bin \
    --prefix PATH : ${lib.escapeShellArg binPath}
''
+1 −2
@@ -11003,8 +11003,7 @@ with pkgs;
  pocketbase = callPackage ../servers/pocketbase { };
  podman = callPackage ../applications/virtualization/podman/wrapper.nix { };
  podman-unwrapped = callPackage ../applications/virtualization/podman { };
  podman = callPackage ../applications/virtualization/podman { };
  podman-compose = python3Packages.callPackage ../applications/virtualization/podman-compose {};