From 48642c634e51b949d3ea01f09c28c83f9aa824d9 Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Sat, 18 Feb 2023 20:58:23 +1000
Subject: [PATCH] podman: remove wrapper

trying to get all of the podman functionality to work with the wrapper is becoming more complicated with each release, it isn't sustainable
removing the wrapper does mean that using extraPackages will need to build from source
- remove unnecessary serviceConfig overrides
- set HELPER_BINARIES_DIR to libexec/podman
- use install.bin target on linux for podman/tmpfiles
- also installs quadlet/rootlessport in libexec
- symlink binaries from helpersBin into HELPER_BINARIES_DIR
- remove unnecessary rootlessport output
- remove unnecessary substituteInPlace
---
 .../modules/virtualisation/podman/default.nix | 8 --
 .../virtualization/podman/default.nix | 73 +++++++++++++----
 .../virtualization/podman/wrapper.nix | 78 -------------------
 pkgs/top-level/all-packages.nix | 3 +-
 4 files changed, 58 insertions(+), 104 deletions(-)
 delete mode 100644 pkgs/applications/virtualization/podman/wrapper.nix

diff --git a/nixos/modules/virtualisation/podman/default.nix b/nixos/modules/virtualisation/podman/default.nix
index baca48305188d..83ddba3ce06ef 100644
--- a/nixos/modules/virtualisation/podman/default.nix
+++ b/nixos/modules/virtualisation/podman/default.nix
@@ -183,10 +183,6 @@ in
 systemd.packages = [ cfg.package ];
- systemd.services.podman.serviceConfig = {
- ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ];
- };
-
 systemd.services.podman-prune = {
 description = "Prune podman resources";
@@ -207,10 +203,6 @@ in
 systemd.sockets.podman.wantedBy = [ "sockets.target" ];
 systemd.sockets.podman.socketConfig.SocketGroup = "podman";
- systemd.user.services.podman.serviceConfig = {
- ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ];
- };
-
 systemd.user.sockets.podman.wantedBy = [ "sockets.target" ];
 systemd.tmpfiles.packages = [
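Review bot: With the ExecStart overrides gone, the command line of the podman system service now comes entirely from the unit files shipped inside cfg.package, so the module silently depends on the package's `make install.systemd` having substituted a usable path for @@PODMAN@@ (the package side of this commit drops the substituteInPlace that used to force the bare name `podman`); a comment on the surviving `systemd.packages = [ cfg.package ];` line would make that coupling visible, e.g. `# ExecStart for podman.service/podman.socket is taken from the unit files installed by cfg.package`. The same applies to the user-service override removed in the second hunk of this file. The enclosing config attribute set starts and ends outside both hunks.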
diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix
index 8f206666e408b..287fa02df75fc 100644
--- a/pkgs/applications/virtualization/podman/default.nix
+++ b/pkgs/applications/virtualization/podman/default.nix
@@ -14,10 +14,52 @@
 , go-md2man
 , nixosTests
 , python3
+, makeWrapper
+, symlinkJoin
+, extraPackages ? [ ]
+, runc
+, crun
+, conmon
+, slirp4netns
+, fuse-overlayfs
+, util-linux
+, iptables
+, iproute2
+, catatonit
+, gvproxy
+, aardvark-dns
+, netavark
 , testers
 , podman
 }:
+let
+ # do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed
+ binPath = lib.makeBinPath ([
+ ] ++ lib.optionals stdenv.isLinux [
+ runc
+ crun
+ conmon
+ slirp4netns
+ fuse-overlayfs
+ util-linux
+ iptables
+ iproute2
+ ] ++ extraPackages);
+
+ helpersBin = symlinkJoin {
+ name = "podman-helper-binary-wrapper";
+
+ # this only works for some binaries, others may need to be be added to `binPath` or in the modules
+ paths = [
+ gvproxy
+ ] ++ lib.optionals stdenv.isLinux [
+ aardvark-dns
+ catatonit # added here for the pause image and also set in `containersConf` for `init_path`
+ netavark
+ ];
+ };
+in
 buildGoModule rec {
 pname = "podman";
 version = "4.4.2";
@@ -38,9 +80,9 @@ buildGoModule rec {
 doCheck = false;
- outputs = [ "out" "man" ] ++ lib.optionals stdenv.isLinux [ "rootlessport" ];
+ outputs = [ "out" "man" ];
- nativeBuildInputs = [ pkg-config go-md2man installShellFiles python3 ];
+ nativeBuildInputs = [ pkg-config go-md2man installShellFiles makeWrapper python3 ];
 buildInputs = lib.optionals stdenv.isLinux [
 btrfs-progs
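Review bot: `extraPackages ? [ ]` is now a public argument of the podman derivation itself rather than of a thin wrapper, and nothing at the argument says what it does (it is folded into `binPath`, which the installPhase later prepends to the wrapped binary's PATH) or that overriding it now triggers a from-source rebuild, as the commit message acknowledges; a one-line comment there would spare users that surprise, e.g. `, extraPackages ? [ ] # prepended to podman's PATH by the wrapper; overriding rebuilds the package`. The `helpersBin` comment also carries the `be be` typo over from wrapper.nix. The `let` block is complete within this hunk, while `buildGoModule rec {` continues past it.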
@@ -52,13 +94,16 @@ buildGoModule rec {
 systemd
 ];
+ HELPER_BINARIES_DIR = "${PREFIX}/libexec/podman"; # used in buildPhase & installPhase
+ PREFIX = "${placeholder "out"}";
+
 buildPhase = ''
 runHook preBuild
 patchShebangs .
 ${if stdenv.isDarwin then ''
 make podman-remote # podman-mac-helper uses FHS paths
 '' else ''
- make bin/podman bin/rootlessport
+ make bin/podman bin/rootlessport bin/quadlet
 ''}
 make docs
 runHook postBuild
@@ -66,26 +111,22 @@ buildGoModule rec {
 installPhase = ''
 runHook preInstall
- mkdir -p {$out/{bin,etc,lib,share},$man} # ensure paths exist for the wrapper
 ${if stdenv.isDarwin then ''
- mv bin/{darwin/podman,podman}
+ install bin/darwin/podman -Dt $out/bin
 '' else ''
- install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d
- for s in contrib/systemd/**/*.in; do
- substituteInPlace "$s" --replace "@@PODMAN@@" "podman" # don't use unwrapped binary
- done
- PREFIX=$out make install.systemd
- install -Dm555 bin/rootlessport -t $rootlessport/bin
+ make install.bin install.systemd
 ''}
- install -Dm555 bin/podman -t $out/bin
- PREFIX=$out make install.completions
- MANDIR=$man/share/man make install.man
+ make install.completions install.man
+ mkdir -p ${HELPER_BINARIES_DIR}
+ ln -s ${helpersBin}/bin/* ${HELPER_BINARIES_DIR}
+ wrapProgram $out/bin/podman \
+ --prefix PATH : ${lib.escapeShellArg binPath}
 runHook postInstall
 '';
 postFixup = lib.optionalString stdenv.isLinux ''
- RPATH=$(patchelf --print-rpath $out/bin/podman)
- patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/podman
+ RPATH=$(patchelf --print-rpath $out/bin/.podman-wrapped)
+ patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/.podman-wrapped
 '';
 passthru.tests = {
diff --git a/pkgs/applications/virtualization/podman/wrapper.nix b/pkgs/applications/virtualization/podman/wrapper.nix
deleted file mode 100644
index 7fe483a7079e5..0000000000000
--- a/pkgs/applications/virtualization/podman/wrapper.nix
+++ /dev/null
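Review bot: `ln -s ${helpersBin}/bin/* ${HELPER_BINARIES_DIR}` in the installPhase hunk runs after `make install.bin` has already populated the same libexec/podman directory on Linux (the commit message says quadlet and rootlessport are installed there), so the glob form will abort the build on the first name collision between a helper and one of those binaries; that ordering constraint deserves a comment on the line, e.g. `# libexec/podman already holds quadlet/rootlessport from install.bin; a helper with the same name fails the build here`. Separately, the deleted wrapper forced `CONTAINERS_HELPER_BINARY_DIR` onto every invocation, whereas the new build only bakes the directory in as a default via HELPER_BINARIES_DIR, so presumably a caller's environment can now redirect helper lookup; if that is intended, the `# used in buildPhase & installPhase` comment in the first hunk is the place to say so. Both hunks sit inside the `buildGoModule rec { … }` body, which begins and ends outside this view.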
@@ -1,78 +0,0 @@
-{ podman-unwrapped
-, runCommand
-, makeWrapper
-, symlinkJoin
-, lib
-, stdenv
-, extraPackages ? []
-, runc # Default container runtime
-, crun # Container runtime (default with cgroups v2 for podman/buildah)
-, conmon # Container runtime monitor
-, slirp4netns # User-mode networking for unprivileged namespaces
-, fuse-overlayfs # CoW for images, much faster than default vfs
-, util-linux # nsenter
-, iptables
-, iproute2
-, catatonit
-, gvproxy
-, aardvark-dns
-, netavark
-}:
-
-# do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed
-
-let
- binPath = lib.makeBinPath ([
- ] ++ lib.optionals stdenv.isLinux [
- runc
- crun
- conmon
- slirp4netns
- fuse-overlayfs
- util-linux
- iptables
- iproute2
- ] ++ extraPackages);
-
- helpersBin = symlinkJoin {
- name = "${podman-unwrapped.pname}-helper-binary-wrapper-${podman-unwrapped.version}";
-
- # this only works for some binaries, others may need to be be added to `binPath` or in the modules
- paths = [
- gvproxy
- ] ++ lib.optionals stdenv.isLinux [
- aardvark-dns
- catatonit # added here for the pause image and also set in `containersConf` for `init_path`
- netavark
- podman-unwrapped.rootlessport
- ];
- };
-
-in runCommand podman-unwrapped.name {
- name = "${podman-unwrapped.pname}-wrapper-${podman-unwrapped.version}";
- inherit (podman-unwrapped) pname version passthru;
-
- preferLocalBuild = true;
-
- meta = builtins.removeAttrs podman-unwrapped.meta [ "outputsToInstall" ];
-
- outputs = [
- "out"
- "man"
- ];
-
- nativeBuildInputs = [
- makeWrapper
- ];
-
-} ''
- ln -s ${podman-unwrapped.man} $man
-
- mkdir -p $out/bin
- ln -s ${podman-unwrapped}/etc $out/etc
- ln -s ${podman-unwrapped}/lib $out/lib
- ln -s ${podman-unwrapped}/share $out/share
- makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \
- --set CONTAINERS_HELPER_BINARY_DIR ${helpersBin}/bin \
- --prefix PATH : ${lib.escapeShellArg binPath}
-''
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index d9c88b8fc2cee..c75b666d4847e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -11074,8 +11074,7 @@ with pkgs;
 pocketbase = callPackage ../servers/pocketbase { };
- podman = callPackage ../applications/virtualization/podman/wrapper.nix { };
- podman-unwrapped = callPackage ../applications/virtualization/podman { };
+ podman = callPackage ../applications/virtualization/podman { };
 podman-compose = python3Packages.callPackage ../applications/virtualization/podman-compose {};