summaryrefslogtreecommitdiff
path: root/contrib/podmanimage/upstream/Dockerfile
blob: 0769a7612e14676eb7fd7d84f5d0156d61ba84ed (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
# git/Dockerfile
#
# Build a Podman container image from the latest
# upstream version of Podman on GitHub.
# https://github.com/containers/podman
# This image can be used to create a secured container
# that runs safely with privileges within the container.
# The containers created by this image also come with a
# Podman development environment in /root/podman.
#
FROM registry.fedoraproject.org/fedora:latest
ENV GOPATH=/root/podman

# Install the software required to build Podman.
# Then create a directory and clone from the Podman
# GitHub repository, make and install Podman
# to the container.
# Finally remove the podman directory and a few other packages
# that are needed for building but not running Podman
RUN yum -y update; rpm --restore shadow-utils 2>/dev/null;  yum -y install --exclude container-selinux \
     --enablerepo=updates-testing \
     btrfs-progs-devel \
     containernetworking-cni \
     conmon \
     device-mapper-devel \
     git \
     glib2-devel \
     glibc-devel \
     glibc-static \
     go \
     golang-github-cpuguy83-md2man \
     gpgme-devel \
     iptables \
     libassuan-devel \
     libgpg-error-devel \
     libseccomp-devel \
     libselinux-devel \
     make \
     pkgconfig \
     crun \
     fuse-overlayfs \
     fuse3 \
     containers-common \
     podman-plugins; \
     mkdir /root/podman; \
     git clone https://github.com/containers/podman /root/podman/src/github.com/containers/podman; \
     cd /root/podman/src/github.com/containers/podman; \
     make BUILDTAGS="selinux seccomp"; \
     make install PREFIX=/usr; \
     cd /root/podman; \
     git clone https://github.com/containers/conmon /root/podman/conmon; \
     cd conmon; \
     make; \
     install -D -m 755 bin/conmon /usr/libexec/podman/conmon; \
     git clone https://github.com/containernetworking/plugins.git $GOPATH/src/github.com/containernetworking/plugins; \
     cd $GOPATH/src/github.com/containernetworking/plugins; \
     ./build_linux.sh; \
     mkdir -p /usr/libexec/cni; \
     \cp -fR bin/* /usr/libexec/cni; \
     mkdir -p /etc/cni/net.d; \
     curl -qsSL https://raw.githubusercontent.com/containers/podman/main/cni/87-podman-bridge.conflist | tee /etc/cni/net.d/99-loopback.conf; \
     mkdir -p /usr/share/containers; \
     rm -rf /root/podman/*; \
     yum -y remove git golang go-md2man make; \
     yum clean all;

RUN useradd podman; \
echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;

ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf

RUN mkdir -p /home/podman/.local/share/containers; chown podman:podman -R /home/podman

# Note VOLUME options must always happen after the chown call above
# RUN commands can not modify existing volumes
VOLUME /var/lib/containers
VOLUME /home/podman/.local/share/containers

# chmod containers.conf and adjust storage.conf to enable Fuse storage.
RUN chmod 644 /etc/containers/containers.conf; sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf
RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers /var/lib/shared/vfs-images /var/lib/shared/vfs-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock; touch /var/lib/shared/vfs-images/images.lock; touch /var/lib/shared/vfs-layers/layers.lock

ENV _CONTAINERS_USERNS_CONFIGURED=""