Podman image: Mass cleanup + fix missing storage.conf

As of Fedora 36, `/etc/containers/storage.conf` with defaults is
installed under `/usr/share/containers/`.  This was causing builds
to fail in the necessary `sed` command that enables fuse-overlayfs.
Fix this by using sed on the new location with an output redirect
into the `etc` location.

Also, perform a mass-cleanup of the three files to make them easier
to read/maintain.  Including renaming them to `Containerfile`,
since all native build tooling is now used to produce them.

Lastly, take advantage of the `podman-next` copr repository to install
the latest/greatest podman from `main`, rather than building it from
scratch.  This will greatly speed up the image build speed.

Signed-off-by: Chris Evich <cevich@redhat.com>

2 files changed, 62 insertions, 85 deletions

diff --git a/contrib/podmanimage/upstream/Containerfile b/contrib/podmanimage/upstream/Containerfile
new file mode 100644
index 000000000..b338a33ae
--- /dev/null
+++ b/contrib/podmanimage/upstream/Containerfile
@@ -0,0 +1,62 @@
+# upstream/Containerfile
+#
+# Build a Podman container image from the latest
+# upstream version of Podman on GitHub.
+# https://github.com/containers/podman
+# This image can be used to create a secured container
+# that runs safely with privileges within the container.
+# The containers created by this image also come with a
+# Podman development environment in /root/podman.
+#
+FROM registry.fedoraproject.org/fedora:latest
+
+# Don't include container-selinux and remove
+# directories used by dnf that are just taking
+# up space.  The latest podman + deps. come from
+# https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/
+RUN dnf -y update && \
+    rpm --setcaps shadow-utils 2>/dev/null && \
+    dnf -y install 'dnf-command(copr)' --enablerepo=updates-testing && \
+    dnf -y copr enable rhcontainerbot/podman-next && \
+    dnf -y install podman fuse-overlayfs \
+        --exclude container-selinux \
+        --enablerepo=updates-testing && \
+    dnf clean all && \
+    rm -rf /var/cache /var/log/dnf* /var/log/yum.*
+
+RUN useradd podman; \
+echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
+echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
+
+ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable"
+ADD $_REPO_URL/storage.conf /etc/containers/storage.conf
+ADD $_REPO_URL/containers.conf /etc/containers/containers.conf
+ADD $_REPO_URL/podman-containers.conf /home/podman/.config/containers/containers.conf
+
+RUN mkdir -p /home/podman/.local/share/containers && \
+    chown podman:podman -R /home/podman && \
+    chmod 644 /etc/containers/containers.conf
+
+# Copy & modify the defaults to provide reference if runtime changes needed.
+# Changes here are required for running with fuse-overlay storage inside container.
+RUN sed -i -e 's|^#mount_program|mount_program|g' \
+           -e '/additionalimage.*/a "/var/lib/shared",' \
+           -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
+           /usr/share/containers/storage.conf \
+           > /etc/containers/storage.conf
+
+# Note VOLUME options must always happen after the chown call above
+# RUN commands can not modify existing volumes
+VOLUME /var/lib/containers
+VOLUME /home/podman/.local/share/containers
+
+RUN mkdir -p /var/lib/shared/overlay-images \
+             /var/lib/shared/overlay-layers \
+             /var/lib/shared/vfs-images \
+             /var/lib/shared/vfs-layers && \
+    touch /var/lib/shared/overlay-images/images.lock && \
+    touch /var/lib/shared/overlay-layers/layers.lock && \
+    touch /var/lib/shared/vfs-images/images.lock && \
+    touch /var/lib/shared/vfs-layers/layers.lock
+
+ENV _CONTAINERS_USERNS_CONFIGURED=""
diff --git a/contrib/podmanimage/upstream/Dockerfile b/contrib/podmanimage/upstream/Dockerfile
deleted file mode 100644
index 0769a7612..000000000
--- a/contrib/podmanimage/upstream/Dockerfile
+++ /dev/null
@@ -1,85 +0,0 @@
-# git/Dockerfile
-#
-# Build a Podman container image from the latest
-# upstream version of Podman on GitHub.
-# https://github.com/containers/podman
-# This image can be used to create a secured container
-# that runs safely with privileges within the container.
-# The containers created by this image also come with a
-# Podman development environment in /root/podman.
-#
-FROM registry.fedoraproject.org/fedora:latest
-ENV GOPATH=/root/podman
-
-# Install the software required to build Podman.
-# Then create a directory and clone from the Podman
-# GitHub repository, make and install Podman
-# to the container.
-# Finally remove the podman directory and a few other packages
-# that are needed for building but not running Podman
-RUN yum -y update; rpm --restore shadow-utils 2>/dev/null;  yum -y install --exclude container-selinux \
-     --enablerepo=updates-testing \
-     btrfs-progs-devel \
-     containernetworking-cni \
-     conmon \
-     device-mapper-devel \
-     git \
-     glib2-devel \
-     glibc-devel \
-     glibc-static \
-     go \
-     golang-github-cpuguy83-md2man \
-     gpgme-devel \
-     iptables \
-     libassuan-devel \
-     libgpg-error-devel \
-     libseccomp-devel \
-     libselinux-devel \
-     make \
-     pkgconfig \
-     crun \
-     fuse-overlayfs \
-     fuse3 \
-     containers-common \
-     podman-plugins; \
-     mkdir /root/podman; \
-     git clone https://github.com/containers/podman /root/podman/src/github.com/containers/podman; \
-     cd /root/podman/src/github.com/containers/podman; \
-     make BUILDTAGS="selinux seccomp"; \
-     make install PREFIX=/usr; \
-     cd /root/podman; \
-     git clone https://github.com/containers/conmon /root/podman/conmon; \
-     cd conmon; \
-     make; \
-     install -D -m 755 bin/conmon /usr/libexec/podman/conmon; \
-     git clone https://github.com/containernetworking/plugins.git $GOPATH/src/github.com/containernetworking/plugins; \
-     cd $GOPATH/src/github.com/containernetworking/plugins; \
-     ./build_linux.sh; \
-     mkdir -p /usr/libexec/cni; \
-     \cp -fR bin/* /usr/libexec/cni; \
-     mkdir -p /etc/cni/net.d; \
-     curl -qsSL https://raw.githubusercontent.com/containers/podman/main/cni/87-podman-bridge.conflist | tee /etc/cni/net.d/99-loopback.conf; \
-     mkdir -p /usr/share/containers; \
-     rm -rf /root/podman/*; \
-     yum -y remove git golang go-md2man make; \
-     yum clean all;
-
-RUN useradd podman; \
-echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
-echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
-
-ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
-ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
-
-RUN mkdir -p /home/podman/.local/share/containers; chown podman:podman -R /home/podman
-
-# Note VOLUME options must always happen after the chown call above
-# RUN commands can not modify existing volumes
-VOLUME /var/lib/containers
-VOLUME /home/podman/.local/share/containers
-
-# chmod containers.conf and adjust storage.conf to enable Fuse storage.
-RUN chmod 644 /etc/containers/containers.conf; sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf
-RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers /var/lib/shared/vfs-images /var/lib/shared/vfs-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock; touch /var/lib/shared/vfs-images/images.lock; touch /var/lib/shared/vfs-layers/layers.lock
-
-ENV _CONTAINERS_USERNS_CONFIGURED=""