author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-06-03 13:17:14 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-03 13:17:14 -0400 |
commit | 0dda4681927b3428a113c81d851d962da8dd7302 (patch) | |
tree | 6b09d67b0c289f6e0c8d5e3e40d88110c3c5c9ac /contrib/podmanimage/upstream/Containerfile | |
parent | 8f79604864412a05d5d1b8614cb356f5b481306b (diff) | |
parent | fc95f832a597829d22b3404f9655cf38a232991c (diff) | |
Merge pull request #14437 from cevich/fix_podmanimage
[CI:BUILD] Podman image: Mass cleanup + fix missing storage.conf
Diffstat (limited to 'contrib/podmanimage/upstream/Containerfile')
-rw-r--r-- | contrib/podmanimage/upstream/Containerfile | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/contrib/podmanimage/upstream/Containerfile b/contrib/podmanimage/upstream/Containerfile
new file mode 100644
index 000000000..b338a33ae
--- /dev/null
+++ b/contrib/podmanimage/upstream/Containerfile
@@ -0,0 +1,62 @@
+# upstream/Containerfile
+#
+# Build a Podman container image from the latest
+# upstream version of Podman on GitHub.
+# https://github.com/containers/podman
+# This image can be used to create a secured container
+# that runs safely with privileges within the container.
+# The containers created by this image also come with a
+# Podman development environment in /root/podman.
+#
+FROM registry.fedoraproject.org/fedora:latest
+
+# Don't include container-selinux and remove
+# directories used by dnf that are just taking
+# up space. The latest podman + deps. come from
+# https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/
+RUN dnf -y update && \
+ rpm --setcaps shadow-utils 2>/dev/null && \
+ dnf -y install 'dnf-command(copr)' --enablerepo=updates-testing && \
+ dnf -y copr enable rhcontainerbot/podman-next && \
+ dnf -y install podman fuse-overlayfs \
+ --exclude container-selinux \
+ --enablerepo=updates-testing && \
+ dnf clean all && \
+ rm -rf /var/cache /var/log/dnf* /var/log/yum.*
+
+RUN useradd podman; \
+echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
+echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
+
+ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable"
+ADD $_REPO_URL/storage.conf /etc/containers/storage.conf
+ADD $_REPO_URL/containers.conf /etc/containers/containers.conf
+ADD $_REPO_URL/podman-containers.conf /home/podman/.config/containers/containers.conf
+
+RUN mkdir -p /home/podman/.local/share/containers && \
+ chown podman:podman -R /home/podman && \
+ chmod 644 /etc/containers/containers.conf
+
+# Copy & modify the defaults to provide reference if runtime changes needed.
+# Changes here are required for running with fuse-overlay storage inside container.
+RUN sed -i -e 's|^#mount_program|mount_program|g' \
+ -e '/additionalimage.*/a "/var/lib/shared",' \
+ -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
+ /usr/share/containers/storage.conf \
+ > /etc/containers/storage.conf
+
+# Note VOLUME options must always happen after the chown call above
+# RUN commands can not modify existing volumes
+VOLUME /var/lib/containers
+VOLUME /home/podman/.local/share/containers
+
+RUN mkdir -p /var/lib/shared/overlay-images \
+ /var/lib/shared/overlay-layers \
+ /var/lib/shared/vfs-images \
+ /var/lib/shared/vfs-layers && \
+ touch /var/lib/shared/overlay-images/images.lock && \
+ touch /var/lib/shared/overlay-layers/layers.lock && \
+ touch /var/lib/shared/vfs-images/images.lock && \
+ touch /var/lib/shared/vfs-layers/layers.lock
+
+ENV _CONTAINERS_USERNS_CONFIGURED="" |
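Review bot: The `RUN sed -i -e … /usr/share/containers/storage.conf > /etc/containers/storage.conf` step combines in-place editing with a stdout redirect, so sed rewrites the packaged file under /usr/share and prints nothing, and the redirect truncates /etc/containers/storage.conf (including the copy fetched just above by `ADD $_REPO_URL/storage.conf`) to an empty file. Dropping `-i`, so the step begins `RUN sed -e 's|^#mount_program|mount_program|g' \`, would keep the packaged default as the untouched reference the comment describes and write the modified copy to /etc. Separately, the three `ADD $_REPO_URL/...` lines pull configuration from the mutable `main` branch with no integrity check, so the image contents depend on whatever that branch holds at build time. Pinning `_REPO_URL` to a commit ref, or copying the files from the build context, would make the build reproducible and auditable.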