summaryrefslogtreecommitdiff
path: root/contrib/podmanimage/stable/Containerfile
diff options
context:
space:
mode:
authorChris Evich <cevich@redhat.com>2022-05-31 14:43:27 -0400
committerChris Evich <cevich@redhat.com>2022-06-01 17:25:38 -0400
commitfc95f832a597829d22b3404f9655cf38a232991c (patch)
tree68fe13cfed9a890ac0926e994b92df9c9e75c8f6 /contrib/podmanimage/stable/Containerfile
parent70ce77e8d0aab41918b54b2547c902a5463cf798 (diff)
downloadpodman-fc95f832a597829d22b3404f9655cf38a232991c.tar.gz
podman-fc95f832a597829d22b3404f9655cf38a232991c.tar.bz2
podman-fc95f832a597829d22b3404f9655cf38a232991c.zip
Podman image: Mass cleanup + fix missing storage.conf
As of Fedora 36, `/etc/containers/storage.conf` with defaults is installed under `/usr/share/containers/`. This was causing builds to fail in the necessary `sed` command that enables fuse-overlayfs. Fix this by using sed on the new location with an output redirect into the `etc` location. Also, perform a mass-cleanup of the three files to make them easier to read/maintain. Including renaming them to `Containerfile`, since all native build tooling is now used to produce them. Lastly, take advantage of the `podman-next` copr repository to install the latest/greatest podman from `main`, rather than building it from scratch. This will greatly speed up the image build speed. Signed-off-by: Chris Evich <cevich@redhat.com>
Diffstat (limited to 'contrib/podmanimage/stable/Containerfile')
-rw-r--r--contrib/podmanimage/stable/Containerfile56
1 files changed, 56 insertions, 0 deletions
diff --git a/contrib/podmanimage/stable/Containerfile b/contrib/podmanimage/stable/Containerfile
new file mode 100644
index 000000000..40a2cb5f3
--- /dev/null
+++ b/contrib/podmanimage/stable/Containerfile
@@ -0,0 +1,56 @@
+# stable/Containerfile
+#
+# Build a Podman container image from the latest
+# stable version of Podman on the Fedoras Updates System.
+# https://bodhi.fedoraproject.org/updates/?search=podman
+# This image can be used to create a secured container
+# that runs safely with privileges within the container.
+#
+FROM registry.fedoraproject.org/fedora:latest
+
+# Don't include container-selinux and remove
+# directories used by dnf that are just taking
+# up space.
+RUN dnf -y update && \
+ rpm --setcaps shadow-utils 2>/dev/null && \
+ dnf -y install podman fuse-overlayfs \
+ --exclude container-selinux && \
+ dnf clean all && \
+ rm -rf /var/cache /var/log/dnf* /var/log/yum.*
+
+RUN useradd podman; \
+echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
+echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
+
+ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable"
+ADD $_REPO_URL/storage.conf /etc/containers/storage.conf
+ADD $_REPO_URL/containers.conf /etc/containers/containers.conf
+ADD $_REPO_URL/podman-containers.conf /home/podman/.config/containers/containers.conf
+
+RUN mkdir -p /home/podman/.local/share/containers && \
+ chown podman:podman -R /home/podman && \
+ chmod 644 /etc/containers/containers.conf
+
+# Copy & modify the defaults to provide reference if runtime changes needed.
+# Changes here are required for running with fuse-overlay storage inside container.
+RUN sed -i -e 's|^#mount_program|mount_program|g' \
+ -e '/additionalimage.*/a "/var/lib/shared",' \
+ -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
+ /usr/share/containers/storage.conf \
+ > /etc/containers/storage.conf
+
+# Note VOLUME options must always happen after the chown call above
+# RUN commands can not modify existing volumes
+VOLUME /var/lib/containers
+VOLUME /home/podman/.local/share/containers
+
+RUN mkdir -p /var/lib/shared/overlay-images \
+ /var/lib/shared/overlay-layers \
+ /var/lib/shared/vfs-images \
+ /var/lib/shared/vfs-layers && \
+ touch /var/lib/shared/overlay-images/images.lock && \
+ touch /var/lib/shared/overlay-layers/layers.lock && \
+ touch /var/lib/shared/vfs-images/images.lock && \
+ touch /var/lib/shared/vfs-layers/layers.lock
+
+ENV _CONTAINERS_USERNS_CONFIGURED=""