Revert "podman: remove wrapper"

This reverts commit 02f9255044.

The reverted commit broke rootlessport port forwarding.
zowoq 2023-02-17 19:43:08 +10:00
parent 1256bb346f
commit 3e081095a4
4 changed files with 105 additions and 58 deletions


@ -9,8 +9,7 @@ let
extraPackages = cfg.extraPackages extraPackages = cfg.extraPackages
# setuid shadow # setuid shadow
++ [ "/run/wrappers" ] ++ [ "/run/wrappers" ]
# include pkgs.zfs by default in the wrapped podman used by the module so it is cached ++ lib.optional (builtins.elem "zfs" config.boot.supportedFilesystems) config.boot.zfs.package;
++ (if (builtins.elem "zfs" config.boot.supportedFilesystems) then [ config.boot.zfs.package ] else [ pkgs.zfs ]);
}); });
# Provides a fake "docker" binary mapping to podman # Provides a fake "docker" binary mapping to podman
@ -184,6 +183,10 @@ in
systemd.packages = [ cfg.package ]; systemd.packages = [ cfg.package ];
systemd.services.podman.serviceConfig = {
ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ];
};
systemd.services.podman-prune = { systemd.services.podman-prune = {
description = "Prune podman resources"; description = "Prune podman resources";
@ -204,6 +207,10 @@ in
systemd.sockets.podman.wantedBy = [ "sockets.target" ]; systemd.sockets.podman.wantedBy = [ "sockets.target" ];
systemd.sockets.podman.socketConfig.SocketGroup = "podman"; systemd.sockets.podman.socketConfig.SocketGroup = "podman";
systemd.user.services.podman.serviceConfig = {
ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ];
};
systemd.user.sockets.podman.wantedBy = [ "sockets.target" ]; systemd.user.sockets.podman.wantedBy = [ "sockets.target" ];
systemd.tmpfiles.packages = [ systemd.tmpfiles.packages = [
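Review bot: The `ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ]` override in the second hunk relies on two systemd conventions that the module does not explain: the leading empty string is what clears the ExecStart shipped in the upstream unit, and `$LOGGING` is expanded by systemd at start time from an `Environment=` line that presumably comes from the unit file in `cfg.package` (not visible here, so worth confirming). The same override is repeated for `systemd.user.services.podman` in the third hunk, so a reader changing one may forget the other. I would add above the first override `# "" resets the upstream unit's ExecStart; $LOGGING is expanded by systemd from the unit's Environment=` and a short `# keep in sync with systemd.services.podman above` on the user-service copy. Both enclosing attribute sets start before the hunks shown.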


@ -14,52 +14,10 @@
, go-md2man , go-md2man
, nixosTests , nixosTests
, python3 , python3
, makeWrapper
, symlinkJoin
, extraPackages ? [ ]
, runc
, crun
, conmon
, slirp4netns
, fuse-overlayfs
, util-linux
, iptables
, iproute2
, catatonit
, gvproxy
, aardvark-dns
, netavark
, testers , testers
, podman , podman
}: }:
let
# do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed
binPath = lib.makeBinPath ([
] ++ lib.optionals stdenv.isLinux [
runc
crun
conmon
slirp4netns
fuse-overlayfs
util-linux
iptables
iproute2
] ++ extraPackages);
helpersBin = symlinkJoin {
name = "podman-helper-binary-wrapper";
# this only works for some binaries, others may need to be be added to `binPath` or in the modules
paths = [
gvproxy
] ++ lib.optionals stdenv.isLinux [
aardvark-dns
catatonit # added here for the pause image and also set in `containersConf` for `init_path`
netavark
];
};
in
buildGoModule rec { buildGoModule rec {
pname = "podman"; pname = "podman";
version = "4.4.1"; version = "4.4.1";
@ -80,9 +38,9 @@ buildGoModule rec {
doCheck = false; doCheck = false;
outputs = [ "out" "man" ]; outputs = [ "out" "man" ] ++ lib.optionals stdenv.isLinux [ "rootlessport" ];
nativeBuildInputs = [ pkg-config go-md2man installShellFiles makeWrapper python3 ]; nativeBuildInputs = [ pkg-config go-md2man installShellFiles python3 ];
buildInputs = lib.optionals stdenv.isLinux [ buildInputs = lib.optionals stdenv.isLinux [
btrfs-progs btrfs-progs
@ -94,16 +52,13 @@ buildGoModule rec {
systemd systemd
]; ];
HELPER_BINARIES_DIR = "${helpersBin}/bin";
PREFIX = "${placeholder "out"}";
buildPhase = '' buildPhase = ''
runHook preBuild runHook preBuild
patchShebangs . patchShebangs .
${if stdenv.isDarwin then '' ${if stdenv.isDarwin then ''
make podman-remote # podman-mac-helper uses FHS paths make podman-remote # podman-mac-helper uses FHS paths
'' else '' '' else ''
make bin/podman bin/rootlessport bin/quadlet make bin/podman bin/rootlessport
''} ''}
make docs make docs
runHook postBuild runHook postBuild
@ -111,20 +66,26 @@ buildGoModule rec {
installPhase = '' installPhase = ''
runHook preInstall runHook preInstall
mkdir -p {$out/{bin,etc,lib,share},$man} # ensure paths exist for the wrapper
${if stdenv.isDarwin then '' ${if stdenv.isDarwin then ''
install bin/darwin/podman -Dt $out/bin mv bin/{darwin/podman,podman}
'' else '' '' else ''
make install.bin install.systemd install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d
for s in contrib/systemd/**/*.in; do
substituteInPlace "$s" --replace "@@PODMAN@@" "podman" # don't use unwrapped binary
done
PREFIX=$out make install.systemd
install -Dm555 bin/rootlessport -t $rootlessport/bin
''} ''}
make install.completions install.man install -Dm555 bin/podman -t $out/bin
wrapProgram $out/bin/podman \ PREFIX=$out make install.completions
--prefix PATH : ${lib.escapeShellArg binPath} MANDIR=$man/share/man make install.man
runHook postInstall runHook postInstall
''; '';
postFixup = lib.optionalString stdenv.isLinux '' postFixup = lib.optionalString stdenv.isLinux ''
RPATH=$(patchelf --print-rpath $out/bin/.podman-wrapped) RPATH=$(patchelf --print-rpath $out/bin/podman)
patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/.podman-wrapped patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/podman
''; '';
passthru.tests = { passthru.tests = {
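Review bot: The `substituteInPlace "$s" --replace "@@PODMAN@@" "podman"` loop in the installPhase hunk makes the installed systemd units locate the binary by a bare `podman` name, i.e. by PATH lookup at service start rather than by store path; the NixOS module in this commit pins `ExecStart` to the wrapper, but any other consumer of `$out/lib/systemd` (a direct `systemd.packages` entry without that override, or a non-NixOS install) will run whichever `podman` is first on systemd's PATH. The comment `# don't use unwrapped binary` should say that this is deliberate and who compensates: `# keep ExecStart a bare "podman" so the wrapper is found via PATH; the NixOS module pins it to the wrapper's absolute path`. Separately, the buildPhase hunk's new side builds only `bin/podman bin/rootlessport`, dropping `bin/quadlet`, so quadlet is no longer produced by this derivation; if that is only a side effect of the revert it may be worth restoring in a follow-up. The `buildGoModule rec { ... }` body extends outside the hunks shown.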


@ -0,0 +1,78 @@
{ podman-unwrapped
, runCommand
, makeWrapper
, symlinkJoin
, lib
, stdenv
, extraPackages ? []
, runc # Default container runtime
, crun # Container runtime (default with cgroups v2 for podman/buildah)
, conmon # Container runtime monitor
, slirp4netns # User-mode networking for unprivileged namespaces
, fuse-overlayfs # CoW for images, much faster than default vfs
, util-linux # nsenter
, iptables
, iproute2
, catatonit
, gvproxy
, aardvark-dns
, netavark
}:
# do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed
let
binPath = lib.makeBinPath ([
] ++ lib.optionals stdenv.isLinux [
runc
crun
conmon
slirp4netns
fuse-overlayfs
util-linux
iptables
iproute2
] ++ extraPackages);
helpersBin = symlinkJoin {
name = "${podman-unwrapped.pname}-helper-binary-wrapper-${podman-unwrapped.version}";
# this only works for some binaries, others may need to be be added to `binPath` or in the modules
paths = [
gvproxy
] ++ lib.optionals stdenv.isLinux [
aardvark-dns
catatonit # added here for the pause image and also set in `containersConf` for `init_path`
netavark
podman-unwrapped.rootlessport
];
};
in runCommand podman-unwrapped.name {
name = "${podman-unwrapped.pname}-wrapper-${podman-unwrapped.version}";
inherit (podman-unwrapped) pname version passthru;
preferLocalBuild = true;
meta = builtins.removeAttrs podman-unwrapped.meta [ "outputsToInstall" ];
outputs = [
"out"
"man"
];
nativeBuildInputs = [
makeWrapper
];
} ''
ln -s ${podman-unwrapped.man} $man
mkdir -p $out/bin
ln -s ${podman-unwrapped}/etc $out/etc
ln -s ${podman-unwrapped}/lib $out/lib
ln -s ${podman-unwrapped}/share $out/share
makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \
--set CONTAINERS_HELPER_BINARY_DIR ${helpersBin}/bin \
--prefix PATH : ${lib.escapeShellArg binPath}
''
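Review bot: `runCommand podman-unwrapped.name { name = "${podman-unwrapped.pname}-wrapper-${podman-unwrapped.version}"; ... }` supplies the derivation name twice; as far as I recall runCommand lets the attribute-set `name` override the positional one, so the positional `podman-unwrapped.name` is dead and misleading, and I would pass the wrapper name positionally and drop the `name =` attribute. The `--prefix PATH : ...` line deserves a comment explaining why it is `--prefix` rather than `--suffix`: the pinned `runc`/`crun`/`conmon`/`slirp4netns` entries are placed ahead of the caller's PATH, so an entry writable by the invoking user cannot shadow the runtimes podman execs; something like `# --prefix: pinned runtimes win over the caller's PATH so they cannot be shadowed`. Note also that `inherit (podman-unwrapped) ... passthru` means `podman.tests` still exercises the unwrapped build rather than this wrapper, which is presumably intentional but worth a one-line comment.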


@ -11010,7 +11010,8 @@ with pkgs;
pocketbase = callPackage ../servers/pocketbase { }; pocketbase = callPackage ../servers/pocketbase { };
podman = callPackage ../applications/virtualization/podman { }; podman = callPackage ../applications/virtualization/podman/wrapper.nix { };
podman-unwrapped = callPackage ../applications/virtualization/podman { };
podman-compose = python3Packages.callPackage ../applications/virtualization/podman-compose {}; podman-compose = python3Packages.callPackage ../applications/virtualization/podman-compose {};