Podman image: Mass cleanup + fix missing storage.conf

As of Fedora 36, `/etc/containers/storage.conf` with defaults is installed under `/usr/share/containers/`. This was causing builds to fail in the necessary `sed` command that enables fuse-overlayfs. Fix this by using sed on the new location with an output redirect into the `etc` location. Also, perform a mass-cleanup of the three files to make them easier to read/maintain. Including renaming them to `Containerfile`, since all native build tooling is now used to produce them. Lastly, take advantage of the `podman-next` copr repository to install the latest/greatest podman from `main`, rather than building it from scratch. This will greatly speed up the image build speed. Signed-off-by: Chris Evich <cevich@redhat.com>
2025-06-21 17:38:12 +08:00 · 2022-05-31 14:43:27 -04:00
parent 70ce77e8d0
commit fc95f832a5
7 changed files with 185 additions and 157 deletions
--- a/contrib/podmanimage/stable/Containerfile
+++ b/contrib/podmanimage/stable/Containerfile
@ -0,0 +1,56 @@
 # stable/Containerfile
 #
 # Build a Podman container image from the latest
 # stable version of Podman on the Fedoras Updates System.
 # https://bodhi.fedoraproject.org/updates/?search=podman
 # This image can be used to create a secured container
 # that runs safely with privileges within the container.
 #
 FROM registry.fedoraproject.org/fedora:latest
 # Don't include container-selinux and remove
 # directories used by dnf that are just taking
 # up space.
 RUN dnf -y update && \
    rpm --setcaps shadow-utils 2>/dev/null && \
    dnf -y install podman fuse-overlayfs \
        --exclude container-selinux && \
    dnf clean all && \
    rm -rf /var/cache /var/log/dnf* /var/log/yum.*
 RUN useradd podman; \
 echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
 echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
 ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable"
 ADD $_REPO_URL/storage.conf /etc/containers/storage.conf
 ADD $_REPO_URL/containers.conf /etc/containers/containers.conf
 ADD $_REPO_URL/podman-containers.conf /home/podman/.config/containers/containers.conf
 RUN mkdir -p /home/podman/.local/share/containers && \
    chown podman:podman -R /home/podman && \
    chmod 644 /etc/containers/containers.conf
 # Copy & modify the defaults to provide reference if runtime changes needed.
 # Changes here are required for running with fuse-overlay storage inside container.
 RUN sed -i -e 's|^#mount_program|mount_program|g' \
           -e '/additionalimage.*/a "/var/lib/shared",' \
           -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
           /usr/share/containers/storage.conf \
           > /etc/containers/storage.conf
 # Note VOLUME options must always happen after the chown call above
 # RUN commands can not modify existing volumes
 VOLUME /var/lib/containers
 VOLUME /home/podman/.local/share/containers
 RUN mkdir -p /var/lib/shared/overlay-images \
             /var/lib/shared/overlay-layers \
             /var/lib/shared/vfs-images \
             /var/lib/shared/vfs-layers && \
    touch /var/lib/shared/overlay-images/images.lock && \
    touch /var/lib/shared/overlay-layers/layers.lock && \
    touch /var/lib/shared/vfs-images/images.lock && \
    touch /var/lib/shared/vfs-layers/layers.lock
 ENV _CONTAINERS_USERNS_CONFIGURED=""
--- a/contrib/podmanimage/stable/Dockerfile
+++ b/contrib/podmanimage/stable/Dockerfile
@ -1,36 +0,0 @@
 # stable/Dockerfile
 #
 # Build a Podman container image from the latest
 # stable version of Podman on the Fedoras Updates System.
 # https://bodhi.fedoraproject.org/updates/?search=podman
 # This image can be used to create a secured container
 # that runs safely with privileges within the container.
 #
 FROM registry.fedoraproject.org/fedora:latest
 # Don't include container-selinux and remove
 # directories used by yum that are just taking
 # up space.
 RUN dnf -y update; rpm --restore shadow-utils 2>/dev/null; \
 yum -y install podman fuse-overlayfs --exclude container-selinux; \
 rm -rf /var/cache /var/log/dnf* /var/log/yum.*
 RUN useradd podman; \
 echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
 echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
 ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
 ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
 RUN mkdir -p /home/podman/.local/share/containers; chown podman:podman -R /home/podman
 # Note VOLUME options must always happen after the chown call above
 # RUN commands can not modify existing volumes
 VOLUME /var/lib/containers
 VOLUME /home/podman/.local/share/containers
 # chmod containers.conf and adjust storage.conf to enable Fuse storage.
 RUN chmod 644 /etc/containers/containers.conf; sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf
 RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers /var/lib/shared/vfs-images /var/lib/shared/vfs-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock; touch /var/lib/shared/vfs-images/images.lock; touch /var/lib/shared/vfs-layers/layers.lock
 ENV _CONTAINERS_USERNS_CONFIGURED=""
--- a/contrib/podmanimage/stable/storage.conf
+++ b/contrib/podmanimage/stable/storage.conf
@ -0,0 +1,6 @@
 [storage.options]
 additionalimagestores = ["/var/lib/shared"]
 [storage.options.overlay]
 mountopt = "nodev,fsync=0"
 mount_program = "/usr/bin/fuse-overlayfs"
--- a/contrib/podmanimage/testing/Containerfile
+++ b/contrib/podmanimage/testing/Containerfile
@ -0,0 +1,61 @@
 # testing/Containerfile
 #
 # Build a Podman container image from the latest
 # stable version of Podman on the Fedoras Updates System.
 # https://bodhi.fedoraproject.org/updates/?search=podman
 # This image can be used to create a secured container
 # that runs safely with privileges within the container.
 #
 FROM registry.fedoraproject.org/fedora:latest
 # Don't include container-selinux and remove
 # directories used by dnf that are just taking
 # up space.
 RUN dnf -y update && \
    rpm --setcaps shadow-utils 2>/dev/null && \
    dnf -y install podman fuse-overlayfs \
        --exclude container-selinux --enablerepo updates-testing && \
    dnf clean all && \
    rm -rf /var/cache /var/log/dnf* /var/log/yum.*
 RUN useradd podman; \
 echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
 echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
 ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable"
 ADD $_REPO_URL/storage.conf /etc/containers/storage.conf
 ADD $_REPO_URL/containers.conf /etc/containers/containers.conf
 ADD $_REPO_URL/podman-containers.conf /home/podman/.config/containers/containers.conf
 RUN mkdir -p /home/podman/.local/share/containers && \
    chown podman:podman -R /home/podman
 # Copy & modify the defaults to provide reference if runtime changes needed.
 # Changes here are required for running with fuse-overlay storage inside container.
 RUN sed -i -e 's|^#mount_program|mount_program|g' \
           -e '/additionalimage.*/a "/var/lib/shared",' \
           -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
           /usr/share/containers/storage.conf \
           > /etc/containers/storage.conf
 # Note VOLUME options must always happen after the chown call above
 # RUN commands can not modify existing volumes
 VOLUME /var/lib/containers
 VOLUME /home/podman/.local/share/containers
 # chmod containers.conf and adjust storage.conf to enable Fuse storage.
 RUN chmod 644 /etc/containers/containers.conf && \
     sed -i -e 's|^#mount_program|mount_program|g' \
            -e '/additionalimage.*/a "/var/lib/shared",' \
            -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
            /etc/containers/storage.conf
 RUN mkdir -p /var/lib/shared/overlay-images \
             /var/lib/shared/overlay-layers \
             /var/lib/shared/vfs-images \
             /var/lib/shared/vfs-layers && \
    touch /var/lib/shared/overlay-images/images.lock && \
    touch /var/lib/shared/overlay-layers/layers.lock && \
    touch /var/lib/shared/vfs-images/images.lock && \
    touch /var/lib/shared/vfs-layers/layers.lock
 ENV _CONTAINERS_USERNS_CONFIGURED=""
--- a/contrib/podmanimage/testing/Dockerfile
+++ b/contrib/podmanimage/testing/Dockerfile
@ -1,36 +0,0 @@
 # testing/Dockerfile
 #
 # Build a Podman image using the latest
 # version of Podman that is in updates-testing
 # on the Fedoras Updates System.  At times this
 # may be the same the latest stable version.
 # https://bodhi.fedoraproject.org/updates/?search=podman
 # This image can be used to create a secured container
 # that runs safely with privileges within the container.
 #
 FROM registry.fedoraproject.org/fedora:latest
 # Don't include container-selinux and remove
 # directories used by yum that are just taking
 # up space.
 RUN yum -y update; rpm --restore shadow-utils 2>/dev/null; yum -y install podman fuse-overlayfs --exclude container-selinux --enablerepo updates-testing; rm -rf /var/cache /var/log/dnf* /var/log/yum.*
 RUN useradd podman; \
 echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
 echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
 ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
 ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
 RUN mkdir -p /home/podman/.local/share/containers; chown podman:podman -R /home/podman
 # Note VOLUME options must always happen after the chown call above
 # RUN commands can not modify existing volumes
 VOLUME /var/lib/containers
 VOLUME /home/podman/.local/share/containers
 # chmod containers.conf and adjust storage.conf to enable Fuse storage.
 RUN chmod 644 /etc/containers/containers.conf; sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf
 RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers /var/lib/shared/vfs-images /var/lib/shared/vfs-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock; touch /var/lib/shared/vfs-images/images.lock; touch /var/lib/shared/vfs-layers/layers.lock
 ENV _CONTAINERS_USERNS_CONFIGURED=""
--- a/contrib/podmanimage/upstream/Containerfile
+++ b/contrib/podmanimage/upstream/Containerfile
@ -0,0 +1,62 @@
 # upstream/Containerfile
 #
 # Build a Podman container image from the latest
 # upstream version of Podman on GitHub.
 # https://github.com/containers/podman
 # This image can be used to create a secured container
 # that runs safely with privileges within the container.
 # The containers created by this image also come with a
 # Podman development environment in /root/podman.
 #
 FROM registry.fedoraproject.org/fedora:latest
 # Don't include container-selinux and remove
 # directories used by dnf that are just taking
 # up space.  The latest podman + deps. come from
 # https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/
 RUN dnf -y update && \
    rpm --setcaps shadow-utils 2>/dev/null && \
    dnf -y install 'dnf-command(copr)' --enablerepo=updates-testing && \
    dnf -y copr enable rhcontainerbot/podman-next && \
    dnf -y install podman fuse-overlayfs \
        --exclude container-selinux \
        --enablerepo=updates-testing && \
    dnf clean all && \
    rm -rf /var/cache /var/log/dnf* /var/log/yum.*
 RUN useradd podman; \
 echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
 echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
 ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable"
 ADD $_REPO_URL/storage.conf /etc/containers/storage.conf
 ADD $_REPO_URL/containers.conf /etc/containers/containers.conf
 ADD $_REPO_URL/podman-containers.conf /home/podman/.config/containers/containers.conf
 RUN mkdir -p /home/podman/.local/share/containers && \
    chown podman:podman -R /home/podman && \
    chmod 644 /etc/containers/containers.conf
 # Copy & modify the defaults to provide reference if runtime changes needed.
 # Changes here are required for running with fuse-overlay storage inside container.
 RUN sed -i -e 's|^#mount_program|mount_program|g' \
           -e '/additionalimage.*/a "/var/lib/shared",' \
           -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
           /usr/share/containers/storage.conf \
           > /etc/containers/storage.conf
 # Note VOLUME options must always happen after the chown call above
 # RUN commands can not modify existing volumes
 VOLUME /var/lib/containers
 VOLUME /home/podman/.local/share/containers
 RUN mkdir -p /var/lib/shared/overlay-images \
             /var/lib/shared/overlay-layers \
             /var/lib/shared/vfs-images \
             /var/lib/shared/vfs-layers && \
    touch /var/lib/shared/overlay-images/images.lock && \
    touch /var/lib/shared/overlay-layers/layers.lock && \
    touch /var/lib/shared/vfs-images/images.lock && \
    touch /var/lib/shared/vfs-layers/layers.lock
 ENV _CONTAINERS_USERNS_CONFIGURED=""
--- a/contrib/podmanimage/upstream/Dockerfile
+++ b/contrib/podmanimage/upstream/Dockerfile
@ -1,85 +0,0 @@
 # git/Dockerfile
 #
 # Build a Podman container image from the latest
 # upstream version of Podman on GitHub.
 # https://github.com/containers/podman
 # This image can be used to create a secured container
 # that runs safely with privileges within the container.
 # The containers created by this image also come with a
 # Podman development environment in /root/podman.
 #
 FROM registry.fedoraproject.org/fedora:latest
 ENV GOPATH=/root/podman
 # Install the software required to build Podman.
 # Then create a directory and clone from the Podman
 # GitHub repository, make and install Podman
 # to the container.
 # Finally remove the podman directory and a few other packages
 # that are needed for building but not running Podman
 RUN yum -y update; rpm --restore shadow-utils 2>/dev/null;  yum -y install --exclude container-selinux \
     --enablerepo=updates-testing \
     btrfs-progs-devel \
     containernetworking-cni \
     conmon \
     device-mapper-devel \
     git \
     glib2-devel \
     glibc-devel \
     glibc-static \
     go \
     golang-github-cpuguy83-md2man \
     gpgme-devel \
     iptables \
     libassuan-devel \
     libgpg-error-devel \
     libseccomp-devel \
     libselinux-devel \
     make \
     pkgconfig \
     crun \
     fuse-overlayfs \
     fuse3 \
     containers-common \
     podman-plugins; \
     mkdir /root/podman; \
     git clone https://github.com/containers/podman /root/podman/src/github.com/containers/podman; \
     cd /root/podman/src/github.com/containers/podman; \
     make BUILDTAGS="selinux seccomp"; \
     make install PREFIX=/usr; \
     cd /root/podman; \
     git clone https://github.com/containers/conmon /root/podman/conmon; \
     cd conmon; \
     make; \
     install -D -m 755 bin/conmon /usr/libexec/podman/conmon; \
     git clone https://github.com/containernetworking/plugins.git $GOPATH/src/github.com/containernetworking/plugins; \
     cd $GOPATH/src/github.com/containernetworking/plugins; \
     ./build_linux.sh; \
     mkdir -p /usr/libexec/cni; \
     \cp -fR bin/* /usr/libexec/cni; \
     mkdir -p /etc/cni/net.d; \
     curl -qsSL https://raw.githubusercontent.com/containers/podman/main/cni/87-podman-bridge.conflist | tee /etc/cni/net.d/99-loopback.conf; \
     mkdir -p /usr/share/containers; \
     rm -rf /root/podman/*; \
     yum -y remove git golang go-md2man make; \
     yum clean all;
 RUN useradd podman; \
 echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
 echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
 ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
 ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
 RUN mkdir -p /home/podman/.local/share/containers; chown podman:podman -R /home/podman
 # Note VOLUME options must always happen after the chown call above
 # RUN commands can not modify existing volumes
 VOLUME /var/lib/containers
 VOLUME /home/podman/.local/share/containers
 # chmod containers.conf and adjust storage.conf to enable Fuse storage.
 RUN chmod 644 /etc/containers/containers.conf; sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf
 RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers /var/lib/shared/vfs-images /var/lib/shared/vfs-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock; touch /var/lib/shared/vfs-images/images.lock; touch /var/lib/shared/vfs-layers/layers.lock
 ENV _CONTAINERS_USERNS_CONFIGURED=""