podman: remove wrapper

trying to get all of the podman functionality to work with the wrapper is becoming more complicated with each release, it isn't sustainable removing the wrapper does mean that using extraPackages will need to build from source - remove unnecessary serviceConfig overrides - set HELPER_BINARIES_DIR to libexec/podman - use install.bin target on linux for podman/tmpfiles - also installs quadlet/rootlessport in libexec - symlink binaries from helpersBin into HELPER_BINARIES_DIR - remove unnecessary rootlessport output - remove unnecessary substituteInPlace
Twingate · Feb 28, 2023 · 48642c6 · 48642c6
1 parent 6841e32
commit 48642c6
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 104 deletions.
diff --git a/nixos/modules/virtualisation/podman/default.nix b/nixos/modules/virtualisation/podman/default.nix
@@ -183,10 +183,6 @@ in
 
       systemd.packages = [ cfg.package ];
 
-      systemd.services.podman.serviceConfig = {
-        ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ];
-      };
-
       systemd.services.podman-prune = {
         description = "Prune podman resources";
 
@@ -207,10 +203,6 @@ in
       systemd.sockets.podman.wantedBy = [ "sockets.target" ];
       systemd.sockets.podman.socketConfig.SocketGroup = "podman";
 
-      systemd.user.services.podman.serviceConfig = {
-        ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ];
-      };
-
       systemd.user.sockets.podman.wantedBy = [ "sockets.target" ];
 
       systemd.tmpfiles.packages = [

diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix
@@ -14,10 +14,52 @@
 , go-md2man
 , nixosTests
 , python3
+, makeWrapper
+, symlinkJoin
+, extraPackages ? [ ]
+, runc
+, crun
+, conmon
+, slirp4netns
+, fuse-overlayfs
+, util-linux
+, iptables
+, iproute2
+, catatonit
+, gvproxy
+, aardvark-dns
+, netavark
 , testers
 , podman
 }:
+let
+  # do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed
 
+  binPath = lib.makeBinPath ([
+  ] ++ lib.optionals stdenv.isLinux [
+    runc
+    crun
+    conmon
+    slirp4netns
+    fuse-overlayfs
+    util-linux
+    iptables
+    iproute2
+  ] ++ extraPackages);
+
+  helpersBin = symlinkJoin {
+    name = "podman-helper-binary-wrapper";
+
+    # this only works for some binaries, others may need to be be added to `binPath` or in the modules
+    paths = [
+      gvproxy
+    ] ++ lib.optionals stdenv.isLinux [
+      aardvark-dns
+      catatonit # added here for the pause image and also set in `containersConf` for `init_path`
+      netavark
+    ];
+  };
+in
 buildGoModule rec {
   pname = "podman";
   version = "4.4.2";
@@ -38,9 +80,9 @@ buildGoModule rec {
 
   doCheck = false;
 
-  outputs = [ "out" "man" ] ++ lib.optionals stdenv.isLinux [ "rootlessport" ];
+  outputs = [ "out" "man" ];
 
-  nativeBuildInputs = [ pkg-config go-md2man installShellFiles python3 ];
+  nativeBuildInputs = [ pkg-config go-md2man installShellFiles makeWrapper python3 ];
 
   buildInputs = lib.optionals stdenv.isLinux [
     btrfs-progs
@@ -52,40 +94,39 @@ buildGoModule rec {
     systemd
   ];
 
+  HELPER_BINARIES_DIR = "${PREFIX}/libexec/podman"; # used in buildPhase & installPhase
+  PREFIX = "${placeholder "out"}";
+
   buildPhase = ''
     runHook preBuild
     patchShebangs .
     ${if stdenv.isDarwin then ''
       make podman-remote # podman-mac-helper uses FHS paths
     '' else ''
-      make bin/podman bin/rootlessport
+      make bin/podman bin/rootlessport bin/quadlet
     ''}
     make docs
     runHook postBuild
   '';
 
   installPhase = ''
     runHook preInstall
-    mkdir -p {$out/{bin,etc,lib,share},$man} # ensure paths exist for the wrapper
     ${if stdenv.isDarwin then ''
-      mv bin/{darwin/podman,podman}
+      install bin/darwin/podman -Dt $out/bin
     '' else ''
-      install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d
-      for s in contrib/systemd/**/*.in; do
-        substituteInPlace "$s" --replace "@@PODMAN@@" "podman" # don't use unwrapped binary
-      done
-      PREFIX=$out make install.systemd
-      install -Dm555 bin/rootlessport -t $rootlessport/bin
+      make install.bin install.systemd
     ''}
-    install -Dm555 bin/podman -t $out/bin
-    PREFIX=$out make install.completions
-    MANDIR=$man/share/man make install.man
+    make install.completions install.man
+    mkdir -p ${HELPER_BINARIES_DIR}
+    ln -s ${helpersBin}/bin/* ${HELPER_BINARIES_DIR}
+    wrapProgram $out/bin/podman \
+      --prefix PATH : ${lib.escapeShellArg binPath}
     runHook postInstall
   '';
 
   postFixup = lib.optionalString stdenv.isLinux ''
-    RPATH=$(patchelf --print-rpath $out/bin/podman)
-    patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/podman
+    RPATH=$(patchelf --print-rpath $out/bin/.podman-wrapped)
+    patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/.podman-wrapped
   '';
 
   passthru.tests = {

diff --git a/pkgs/applications/virtualization/podman/wrapper.nix b/pkgs/applications/virtualization/podman/wrapper.nix
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
@@ -11074,8 +11074,7 @@ with pkgs;
 
   pocketbase = callPackage ../servers/pocketbase { };
 
-  podman = callPackage ../applications/virtualization/podman/wrapper.nix { };
-  podman-unwrapped = callPackage ../applications/virtualization/podman { };
+  podman = callPackage ../applications/virtualization/podman { };
 
   podman-compose = python3Packages.callPackage ../applications/virtualization/podman-compose {};