diff options
author | Chris Evich <cevich@redhat.com> | 2022-05-31 14:43:27 -0400 |
---|---|---|
committer | Chris Evich <cevich@redhat.com> | 2022-06-01 17:25:38 -0400 |
commit | fc95f832a597829d22b3404f9655cf38a232991c (patch) | |
tree | 68fe13cfed9a890ac0926e994b92df9c9e75c8f6 /contrib/podmanimage/stable/Containerfile | |
parent | 70ce77e8d0aab41918b54b2547c902a5463cf798 (diff) | |
download | podman-fc95f832a597829d22b3404f9655cf38a232991c.tar.gz podman-fc95f832a597829d22b3404f9655cf38a232991c.tar.bz2 podman-fc95f832a597829d22b3404f9655cf38a232991c.zip |
Podman image: Mass cleanup + fix missing storage.conf
As of Fedora 36, `/etc/containers/storage.conf` with defaults is
installed under `/usr/share/containers/`. This was causing builds
to fail in the necessary `sed` command that enables fuse-overlayfs.
Fix this by using sed on the new location with an output redirect
into the `etc` location.
Also, perform a mass-cleanup of the three files to make them easier
to read/maintain. Including renaming them to `Containerfile`,
since all native build tooling is now used to produce them.
Lastly, take advantage of the `podman-next` copr repository to install
the latest/greatest podman from `main`, rather than building it from
scratch. This will greatly speed up the image build speed.
Signed-off-by: Chris Evich <cevich@redhat.com>
Diffstat (limited to 'contrib/podmanimage/stable/Containerfile')
-rw-r--r-- | contrib/podmanimage/stable/Containerfile | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/contrib/podmanimage/stable/Containerfile b/contrib/podmanimage/stable/Containerfile new file mode 100644 index 000000000..40a2cb5f3 --- /dev/null +++ b/contrib/podmanimage/stable/Containerfile @@ -0,0 +1,56 @@ +# stable/Containerfile +# +# Build a Podman container image from the latest +# stable version of Podman on the Fedoras Updates System. +# https://bodhi.fedoraproject.org/updates/?search=podman +# This image can be used to create a secured container +# that runs safely with privileges within the container. +# +FROM registry.fedoraproject.org/fedora:latest + +# Don't include container-selinux and remove +# directories used by dnf that are just taking +# up space. +RUN dnf -y update && \ + rpm --setcaps shadow-utils 2>/dev/null && \ + dnf -y install podman fuse-overlayfs \ + --exclude container-selinux && \ + dnf clean all && \ + rm -rf /var/cache /var/log/dnf* /var/log/yum.* + +RUN useradd podman; \ +echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \ +echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid; + +ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable" +ADD $_REPO_URL/storage.conf /etc/containers/storage.conf +ADD $_REPO_URL/containers.conf /etc/containers/containers.conf +ADD $_REPO_URL/podman-containers.conf /home/podman/.config/containers/containers.conf + +RUN mkdir -p /home/podman/.local/share/containers && \ + chown podman:podman -R /home/podman && \ + chmod 644 /etc/containers/containers.conf + +# Copy & modify the defaults to provide reference if runtime changes needed. +# Changes here are required for running with fuse-overlay storage inside container. +RUN sed -i -e 's|^#mount_program|mount_program|g' \ + -e '/additionalimage.*/a "/var/lib/shared",' \ + -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \ + /usr/share/containers/storage.conf \ + > /etc/containers/storage.conf + +# Note VOLUME options must always happen after the chown call above +# RUN commands can not modify existing volumes +VOLUME /var/lib/containers +VOLUME /home/podman/.local/share/containers + +RUN mkdir -p /var/lib/shared/overlay-images \ + /var/lib/shared/overlay-layers \ + /var/lib/shared/vfs-images \ + /var/lib/shared/vfs-layers && \ + touch /var/lib/shared/overlay-images/images.lock && \ + touch /var/lib/shared/overlay-layers/layers.lock && \ + touch /var/lib/shared/vfs-images/images.lock && \ + touch /var/lib/shared/vfs-layers/layers.lock + +ENV _CONTAINERS_USERNS_CONFIGURED="" |