From d7ac7e1bd60a04df49a1353feac95c2ab386769c Mon Sep 17 00:00:00 2001 From: Max Goltzsche Date: Fri, 14 Mar 2025 01:07:33 +0100 Subject: [PATCH] fix: don't publish quadlet with image but with tar Add a separate stage to the Dockerfile to build the root file system of the tar archive and make the tar targets within the Makefile build that stage. Relates to #120 --- Dockerfile | 6 +++++- Makefile | 15 ++++++++++----- test/rootful.bats | 22 ---------------------- test/tar.bats | 26 ++++++++++++++++++++++++++ 4 files changed, 41 insertions(+), 28 deletions(-) create mode 100644 test/tar.bats diff --git a/Dockerfile b/Dockerfile index 5899bb5..0009cba 100644 --- a/Dockerfile +++ b/Dockerfile @@ -195,7 +195,11 @@ COPY conf/crun-containers.conf /etc/containers/containers.conf FROM rootlesspodmanbase AS podmanall RUN apk add --no-cache iptables ip6tables COPY --from=catatonit /catatonit/catatonit /usr/local/lib/podman/catatonit -COPY --from=podman /usr/local/libexec/podman/quadlet /usr/local/libexec/podman/quadlet COPY --from=runc /usr/local/bin/runc /usr/local/bin/runc COPY --from=aardvark-dns /aardvark-dns/target/release/aardvark-dns /usr/local/lib/podman/aardvark-dns COPY --from=podman /etc/containers/seccomp.json /etc/containers/seccomp.json + +FROM podmanall AS tar-archive +COPY --from=podman /usr/local/libexec/podman/quadlet /usr/local/libexec/podman/quadlet + +FROM podmanall diff --git a/Makefile b/Makefile index 025fc76..a93c047 100644 --- a/Makefile +++ b/Makefile @@ -3,6 +3,7 @@ PODMAN_IMAGE ?= $(PODMAN_IMAGE_NAME):latest PODMAN_IMAGE_TARGET ?= podmanall PODMAN_MINIMAL_IMAGE ?= $(PODMAN_IMAGE)-minimal PODMAN_REMOTE_IMAGE ?= $(PODMAN_IMAGE)-remote +PODMAN_TAR_IMAGE ?= $(PODMAN_IMAGE)-tar PODMAN_SSH_IMAGE ?= mgoltzsche/podman-ssh PODMAN_BUILD_OPTS ?= -t $(PODMAN_IMAGE) PODMAN_MINIMAL_BUILD_OPTS ?= -t $(PODMAN_MINIMAL_IMAGE) 
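Review bot: The trailing `FROM podmanall` carries no instructions and no comment, so its purpose is easy to lose in a later edit. It keeps the quadlet-free stage as the default target when no `--target` is passed; appending a stage after it, or reordering stages, would silently change what a plain build produces. Suggest a comment above it such as `# Default stage: keep this last so builds without --target produce podmanall (no quadlet), not tar-archive`. A one-line comment on `tar-archive`, for example `# Root file system for the release tarball only; carries quadlet, not the published image`, would record the intent stated in the commit message next to the code.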
@@ -23,7 +24,7 @@ DOCKER ?= docker export DOCKER PLATFORM ?= linux/amd64 ARCH = $(shell echo "$(PLATFORM)" | sed -E 's!linux/([^/]+).*!\1!') -IMAGE_EXPORT_DIR = $(BUILD_DIR)/images/$@ +IMAGE_EXPORT_DIR = $(BUILD_DIR)/images/podman BUILDX_BUILDER ?= podman-builder # TODO: just push the other image and build tar files from output, skip tests for other platforms for now BUILDX_OUTPUT ?= type=docker @@ -33,12 +34,12 @@ ASSET_NAME := podman-linux-$(ARCH) ASSET_DIR := $(BUILD_DIR)/asset/$(ASSET_NAME) -images: podman podman-remote podman-minimal +images: podman podman-remote podman-minimal podman-tar-image multiarch-tar multiarch-images: PLATFORM = linux/arm64/v8,linux/amd64 multiarch-tar: BUILDX_OUTPUT = type=local,dest=$(IMAGE_EXPORT_DIR) multiarch-tar: TAR_TARGET ?= tar -multiarch-tar: images tar-all +multiarch-tar: podman-tar-image tar-all multiarch-images: BUILDX_OUTPUT = type=image multiarch-images: images @@ -46,7 +47,7 @@ multiarch-images: images # Single arch builds don't have nested arch directory, thus set path as for multiarch singlearch-tar: BUILDX_OUTPUT = type=local,dest=$(IMAGE_EXPORT_DIR)/linux_$(ARCH) singlearch-tar: TAR_TARGET ?= tar -singlearch-tar: images +singlearch-tar: podman-tar-image singlearch-tar: make $(TAR_TARGET) PLATFORM="$(PLATFORM)" BUILDX_BUILDER="$(BUILDX_BUILDER)" @@ -62,6 +63,9 @@ tar-all: podman: create-builder $(DOCKER) buildx build $(BUILDX_OPTS) --force-rm $(PODMAN_BUILD_OPTS) --target $(PODMAN_IMAGE_TARGET) . +podman-tar-image: + $(DOCKER) buildx build $(BUILDX_OPTS) --force-rm -t $(PODMAN_TAR_IMAGE) --target tar-archive . + podman-minimal: create-builder make podman PODMAN_IMAGE_TARGET=rootlesspodmanminimal BUILDX_OPTS="$(BUILDX_OPTS)" PODMAN_BUILD_OPTS="$(PODMAN_MINIMAL_BUILD_OPTS)" @@ -86,6 +90,7 @@ test-use-cases: $(BATS) DOCKER=$(DOCKER) \ PODMAN_IMAGE=$(PODMAN_IMAGE) \ PODMAN_REMOTE_IMAGE=$(PODMAN_REMOTE_IMAGE) \ + PODMAN_TAR_IMAGE=$(PODMAN_TAR_IMAGE) \ $(BATS) -T $(BATS_TEST) test-minimal-image: $(BATS) 
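Review bot: Adding `podman-tar-image` to `images` also pulls it into `multiarch-images`, which depends on `images` and sets `BUILDX_OUTPUT = type=image`. On that path the quadlet-carrying `tar-archive` stage is built as an image tagged `$(PODMAN_TAR_IMAGE)`. Whether that path pushes is decided by BUILDX_OPTS, which is outside this hunk; if it does, the helper image lands in the registry, which seems to run against the commit's stated intent. If the tag is only needed locally for test/tar.bats, consider leaving `images` as `images: podman podman-remote podman-minimal` and making the test target depend on `podman-tar-image` instead.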
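Review bot: `podman-tar-image` is declared without the `create-builder` prerequisite that the neighbouring `podman` and `podman-minimal` rules carry, yet `singlearch-tar`, `multiarch-tar` and `.podman-from-container` now depend on it directly. On a fresh checkout, or under `make -j`, the build can start before the builder exists — assuming BUILDX_OPTS selects `$(BUILDX_BUILDER)`, which is not visible here. Suggest `podman-tar-image: create-builder`, and adding the target to `.PHONY` if the file keeps such a list.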
@@ -111,7 +116,7 @@ tar: .podman-from-container tar -C $(ASSET_DIR)/.. -czvf $(ASSET_DIR).tar.gz $(ASSET_NAME) .podman-from-container: IMAGE_ROOTFS = $(BUILD_DIR)/images/podman/linux_$(ARCH) -.podman-from-container: podman +.podman-from-container: podman-tar-image rm -rf $(ASSET_DIR) mkdir -p $(ASSET_DIR)/etc $(ASSET_DIR)/usr/local mkdir -p $(ASSET_DIR)/etc $(ASSET_DIR)/usr/lib/systemd/user-generators/ diff --git a/test/rootful.bats b/test/rootful.bats index 2fa6544..8552c58 100644 --- a/test/rootful.bats +++ b/test/rootful.bats @@ -38,25 +38,3 @@ skipIfDockerUnavailableAndNotRunAsRoot() { skipIfDockerUnavailableAndNotRunAsRoot testPortForwarding -u root:root -v "$PODMAN_ROOT_DATA_DIR:/var/lib/containers/storage" "${PODMAN_IMAGE}" } - -@test "$TEST_PREFIX quadlet - generate service" { - if [ "${TEST_SKIP_QUADLET:-}" = true ]; then - skip "TEST_SKIP_QUADLET=true" - fi - $DOCKER run --rm -u podman:podman \ - -v "$BATS_TEST_DIRNAME/quadlet/hello_world.container:/etc/containers/systemd/hello_world.container" \ - --pull=never "${PODMAN_IMAGE}" \ - /usr/local/libexec/podman/quadlet -dryrun > /tmp/test.service # this goes to tmp because we are not root below - - expected_values=( - "--name hello_world" - "--publish 8080:8080" - "--env HELLO=WORLD" - "docker.io/hello-world" - ) - - for value in "${expected_values[@]}"; do - run grep -q -- "$value" "/tmp/test.service" - [ "$status" -eq 0 ] || fail "Expected '$value' not found in /tmp/test.service" - done -} \ No newline at end of file diff --git a/test/tar.bats b/test/tar.bats new file mode 100644 index 0000000..75c74a9 --- /dev/null +++ b/test/tar.bats 
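Review bot: The release archive is assembled from `IMAGE_ROOTFS`, but the new `podman-tar-image` prerequisite only fills that directory when BUILDX_OUTPUT is a local export. Invoked as plain `make tar`, the default shown earlier in this patch is `type=docker`, so the recipe would package whatever an earlier run left under `$(BUILD_DIR)/images/podman`, or nothing. Since this is the artifact that gets published, consider failing fast with a first recipe line such as `test -x $(IMAGE_ROOTFS)/usr/local/libexec/podman/quadlet`, and clearing the export directory before the build so stale files cannot leak into the tarball. The path literal is also now repeated in two places; `IMAGE_ROOTFS = $(IMAGE_EXPORT_DIR)/linux_$(ARCH)` would keep them in step. The recipe continues past the end of this hunk, so the copy steps themselves are not visible here.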
@@ -0,0 +1,26 @@ +#!/usr/bin/env bats + +: ${DOCKER:=docker} +: ${PODMAN_TAR_IMAGE:=mgoltzsche/podman:latest-tar} + +@test "tar - quadlet - generate service" { + if [ "${TEST_SKIP_QUADLET:-}" = true ]; then + skip "TEST_SKIP_QUADLET=true" + fi + $DOCKER run --rm -u podman:podman \ + -v "$BATS_TEST_DIRNAME/quadlet/hello_world.container:/etc/containers/systemd/hello_world.container" \ + --pull=never "${PODMAN_TAR_IMAGE}" \ + /usr/local/libexec/podman/quadlet -dryrun > /tmp/test.service # this goes to tmp because we are not root below + + expected_values=( + "--name hello_world" + "--publish 8080:8080" + "--env HELLO=WORLD" + "docker.io/hello-world" + ) + + for value in "${expected_values[@]}"; do + run grep -q -- "$value" "/tmp/test.service" + [ "$status" -eq 0 ] || fail "Expected '$value' not found in /tmp/test.service" + done +}
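Review bot: The generated unit is written to the fixed path `/tmp/test.service`, which every run on the host shares. Another local user on a shared CI machine can pre-create or symlink it, and parallel bats jobs would overwrite each other's output. A per-test location such as `out="$BATS_TEST_TMPDIR/test.service"` (bats-core 1.4 or newer) or `out="$(mktemp)"`, with the loop grepping `"$out"`, avoids both. Separately, the file calls `fail` without any `load` line, and `fail` comes from bats-support rather than bats itself. Unless the helper is loaded, a missing value would surface as `fail: command not found` instead of the intended message; `echo "Expected '$value' not found" >&2; return 1` works without the helper.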