fix: don't publish quadlet with image but within tar archive

Dockerfile

@@ -195,7 +195,11 @@ COPY conf/crun-containers.conf /etc/containers/containers.conf
 FROM rootlesspodmanbase AS podmanall
 RUN apk add --no-cache iptables ip6tables
 COPY --from=catatonit /catatonit/catatonit /usr/local/lib/podman/catatonit
-COPY --from=podman /usr/local/libexec/podman/quadlet /usr/local/libexec/podman/quadlet
 COPY --from=runc   /usr/local/bin/runc   /usr/local/bin/runc
 COPY --from=aardvark-dns /aardvark-dns/target/release/aardvark-dns /usr/local/lib/podman/aardvark-dns
 COPY --from=podman /etc/containers/seccomp.json /etc/containers/seccomp.json
+
+FROM podmanall AS tar-archive
+COPY --from=podman /usr/local/libexec/podman/quadlet /usr/local/libexec/podman/quadlet
+
+FROM podmanall

Makefile

@@ -3,6 +3,7 @@ PODMAN_IMAGE ?= $(PODMAN_IMAGE_NAME):latest
 PODMAN_IMAGE_TARGET ?= podmanall
 PODMAN_MINIMAL_IMAGE ?= $(PODMAN_IMAGE)-minimal
 PODMAN_REMOTE_IMAGE ?= $(PODMAN_IMAGE)-remote
+PODMAN_TAR_IMAGE ?= $(PODMAN_IMAGE)-tar
 PODMAN_SSH_IMAGE ?= mgoltzsche/podman-ssh
 PODMAN_BUILD_OPTS ?= -t $(PODMAN_IMAGE)
 PODMAN_MINIMAL_BUILD_OPTS ?= -t $(PODMAN_MINIMAL_IMAGE)
@@ -23,7 +24,7 @@ DOCKER ?= docker
 export DOCKER
 PLATFORM ?= linux/amd64
 ARCH = $(shell echo "$(PLATFORM)" | sed -E 's!linux/([^/]+).*!\1!')
-IMAGE_EXPORT_DIR = $(BUILD_DIR)/images/$@
+IMAGE_EXPORT_DIR = $(BUILD_DIR)/images/podman
 BUILDX_BUILDER ?= podman-builder
 # TODO: just push the other image and build tar files from output, skip tests for other platforms for now
 BUILDX_OUTPUT ?= type=docker
@@ -33,20 +34,20 @@ ASSET_NAME := podman-linux-$(ARCH)
 ASSET_DIR := $(BUILD_DIR)/asset/$(ASSET_NAME)
 
 
-images: podman podman-remote podman-minimal
+images: podman podman-remote podman-minimal podman-tar-image
 
 multiarch-tar multiarch-images: PLATFORM = linux/arm64/v8,linux/amd64
 multiarch-tar: BUILDX_OUTPUT = type=local,dest=$(IMAGE_EXPORT_DIR)
 multiarch-tar: TAR_TARGET ?= tar
-multiarch-tar: images tar-all
+multiarch-tar: podman-tar-image tar-all
 
 multiarch-images: BUILDX_OUTPUT = type=image
 multiarch-images: images
 
 # Single arch builds don't have nested arch directory, thus set path as for multiarch
 singlearch-tar: BUILDX_OUTPUT = type=local,dest=$(IMAGE_EXPORT_DIR)/linux_$(ARCH)
 singlearch-tar: TAR_TARGET ?= tar
-singlearch-tar: images
+singlearch-tar: podman-tar-image
 singlearch-tar:
 	make $(TAR_TARGET) PLATFORM="$(PLATFORM)" BUILDX_BUILDER="$(BUILDX_BUILDER)"
 
@@ -62,6 +63,9 @@ tar-all:
 podman: create-builder
 	$(DOCKER) buildx build $(BUILDX_OPTS) --force-rm $(PODMAN_BUILD_OPTS) --target $(PODMAN_IMAGE_TARGET) .
 
+podman-tar-image:
+	$(DOCKER) buildx build $(BUILDX_OPTS) --force-rm -t $(PODMAN_TAR_IMAGE) --target tar-archive .
+
 podman-minimal: create-builder
 	make podman PODMAN_IMAGE_TARGET=rootlesspodmanminimal BUILDX_OPTS="$(BUILDX_OPTS)" PODMAN_BUILD_OPTS="$(PODMAN_MINIMAL_BUILD_OPTS)"
 
@@ -86,6 +90,7 @@ test-use-cases: $(BATS)
 	DOCKER=$(DOCKER) \
 	PODMAN_IMAGE=$(PODMAN_IMAGE) \
 	PODMAN_REMOTE_IMAGE=$(PODMAN_REMOTE_IMAGE) \
+	PODMAN_TAR_IMAGE=$(PODMAN_TAR_IMAGE) \
 	$(BATS) -T $(BATS_TEST)
 
 test-minimal-image: $(BATS)
@@ -111,7 +116,7 @@ tar: .podman-from-container
 	tar -C $(ASSET_DIR)/.. -czvf $(ASSET_DIR).tar.gz $(ASSET_NAME)
 
 .podman-from-container: IMAGE_ROOTFS = $(BUILD_DIR)/images/podman/linux_$(ARCH)
-.podman-from-container: podman
+.podman-from-container: podman-tar-image
 	rm -rf $(ASSET_DIR)
 	mkdir -p $(ASSET_DIR)/etc $(ASSET_DIR)/usr/local
 	mkdir -p $(ASSET_DIR)/etc $(ASSET_DIR)/usr/lib/systemd/user-generators/

test/rootful.bats

@@ -38,25 +38,3 @@ skipIfDockerUnavailableAndNotRunAsRoot() {
 	skipIfDockerUnavailableAndNotRunAsRoot
 	testPortForwarding -u root:root -v "$PODMAN_ROOT_DATA_DIR:/var/lib/containers/storage" "${PODMAN_IMAGE}"
 }
-
-@test "$TEST_PREFIX quadlet - generate service" {
-	if [ "${TEST_SKIP_QUADLET:-}" = true ]; then
-		skip "TEST_SKIP_QUADLET=true"
-	fi
-	$DOCKER run --rm -u podman:podman \
-		-v "$BATS_TEST_DIRNAME/quadlet/hello_world.container:/etc/containers/systemd/hello_world.container" \
-		--pull=never "${PODMAN_IMAGE}" \
-		/usr/local/libexec/podman/quadlet -dryrun > /tmp/test.service # this goes to tmp because we are not root below
-
-	expected_values=(
-        "--name hello_world"
-        "--publish 8080:8080"
-        "--env HELLO=WORLD"
-        "docker.io/hello-world"
-    )
-
-    for value in "${expected_values[@]}"; do
-        run grep -q -- "$value" "/tmp/test.service"
-        [ "$status" -eq 0 ] || fail "Expected '$value' not found in /tmp/test.service"
-    done
-}

test/tar.bats

@@ -0,0 +1,26 @@
+#!/usr/bin/env bats
+
+: ${DOCKER:=docker}
+: ${PODMAN_TAR_IMAGE:=mgoltzsche/podman:latest-tar}
+
+@test "tar - quadlet - generate service" {
+	if [ "${TEST_SKIP_QUADLET:-}" = true ]; then
+		skip "TEST_SKIP_QUADLET=true"
+	fi
+	$DOCKER run --rm -u podman:podman \
+		-v "$BATS_TEST_DIRNAME/quadlet/hello_world.container:/etc/containers/systemd/hello_world.container" \
+		--pull=never "${PODMAN_TAR_IMAGE}" \
+		/usr/local/libexec/podman/quadlet -dryrun > /tmp/test.service # this goes to tmp because we are not root below
+
+	expected_values=(
+        "--name hello_world"
+        "--publish 8080:8080"
+        "--env HELLO=WORLD"
+        "docker.io/hello-world"
+    )
+
+    for value in "${expected_values[@]}"; do
+        run grep -q -- "$value" "/tmp/test.service"
+        [ "$status" -eq 0 ] || fail "Expected '$value' not found in /tmp/test.service"
+    done
+}