podman: improve runtime patching #310182

Merged: 1 commit, May 13, 2024


the-sun-will-rise-tomorrow
Contributor

@the-sun-will-rise-tomorrow the-sun-will-rise-tomorrow commented May 8, 2024

Description of changes

Change the approach used to integrate runtimes, in order to:

  • Better support macOS
  • Make obscure OCI runtimes optional
  • Work around a panic due to runtimes having no paths

Fixes #306398.

Context:

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.


Change the approach used to integrate runtimes, in order to:

- Better support macOS
- Make obscure OCI runtimes optional
- Work around a panic due to runtimes having no paths
  (see containers/podman#22561)
@the-sun-will-rise-tomorrow
Contributor Author

@ofborg build podman.passthru.tests

@the-sun-will-rise-tomorrow the-sun-will-rise-tomorrow marked this pull request as ready for review May 9, 2024 08:49
@the-sun-will-rise-tomorrow
Contributor Author

@heitorPB @kevincox @cyrillzadra @lunik1 Could you test this, please?

@heitorPB
Contributor

heitorPB commented May 9, 2024

@WxNzEMof how do I test this? Never reviewed/tested a nixpkgs PR before.

@cyrillzadra
Contributor

I switched my input to your podman fix branch

  inputs = {
    nixpkgs = {
#      url = "github:NixOS/nixpkgs/nixos-unstable";
      url = "github:WxNzEMof/nixpkgs/podman-5-fixes";
    };
  };

updated my system with

nix flake update 
nixos-rebuild switch --flake .#nixos

Now executing curl --unix-socket /var/run/user/1000/podman/podman.sock http://localhost/info returns a json instead of a 500 error. 👍

@heitorPB
Contributor

heitorPB commented May 9, 2024

@cyrillzadra Would you be so kind to share the json you got?

I'd like to avoid changing my inputs completely, so as to keep the rest of my system intact. Would an overlay to podman do the trick?

@cyrillzadra
Contributor

> @cyrillzadra Would you be so kind to share the json you got?

{
	"ID": "9c377965-fa0a-4871-94a3-6525a141a904",
	"Containers": 65,
	"ContainersRunning": 0,
	"ContainersPaused": 0,
	"ContainersStopped": 62,
	"Images": 112,
	"Driver": "overlay",
	"DriverStatus": [
		[
			"Supports d_type",
			"true"
		],
		[
			"Native Overlay Diff",
			"true"
		],
		[
			"Using metacopy",
			"false"
		],
		[
			"Supports shifting",
			"false"
		],
		[
			"Supports volatile",
			"true"
		],
		[
			"Backing Filesystem",
			"btrfs"
		]
	],
	"Plugins": {
		"Volume": [
			"local"
		],
		"Network": [
			"bridge",
			"macvlan",
			"ipvlan"
		],
		"Authorization": null,
		"Log": [
			"k8s-file",
			"none",
			"passthrough",
			"journald"
		]
	},
	"MemoryLimit": true,
	"SwapLimit": false,
	"CpuCfsPeriod": false,
	"CpuCfsQuota": false,
	"CPUShares": false,
	"CPUSet": false,
	"PidsLimit": true,
	"IPv4Forwarding": false,
	"BridgeNfIptables": false,
	"BridgeNfIp6tables": false,
	"Debug": false,
	"NFd": 11,
	"OomKillDisable": false,
	"NGoroutines": 13,
	"SystemTime": "2024-05-09T15:03:32.83130335+02:00",
	"LoggingDriver": "",
	"CgroupDriver": "systemd",
	"NEventsListener": 0,
	"KernelVersion": "6.6.30",
	"OperatingSystem": "nixos",
	"OSVersion": "24.05",
	"OSType": "linux",
	"Architecture": "amd64",
	"IndexServerAddress": "",
	"RegistryConfig": {
		"AllowNondistributableArtifactsCIDRs": [],
		"AllowNondistributableArtifactsHostnames": [],
		"InsecureRegistryCIDRs": [],
		"IndexConfigs": {},
		"Mirrors": []
	},
	"NCPU": 24,
	"MemTotal": 67282857984,
	"GenericResources": null,
	"DockerRootDir": "/home/user/.local/share/containers/storage",
	"HttpProxy": "",
	"HttpsProxy": "",
	"NoProxy": "",
	"Name": "nixos",
	"Labels": null,
	"ExperimentalBuild": true,
	"ServerVersion": "5.0.2",
	"Runtimes": {
		"crun": {
			"path": "/nix/store/nki3a4ym9nkaadbdwkns1h6ar9jcqgcj-podman-helper-binary-wrapper/bin/crun"
		},
		"crun-vm": {
			"path": "/nix/store/nki3a4ym9nkaadbdwkns1h6ar9jcqgcj-podman-helper-binary-wrapper/bin/crun-vm"
		},
		"crun-wasm": {
			"path": "/nix/store/nki3a4ym9nkaadbdwkns1h6ar9jcqgcj-podman-helper-binary-wrapper/bin/crun-wasm"
		},
		"kata": {
			"path": "/nix/store/nki3a4ym9nkaadbdwkns1h6ar9jcqgcj-podman-helper-binary-wrapper/bin/kata-runtime"
		},
		"krun": {
			"path": "/nix/store/nki3a4ym9nkaadbdwkns1h6ar9jcqgcj-podman-helper-binary-wrapper/bin/krun"
		},
		"ocijail": {
			"path": "/nix/store/nki3a4ym9nkaadbdwkns1h6ar9jcqgcj-podman-helper-binary-wrapper/bin/ocijail"
		},
		"runc": {
			"path": "/nix/store/nki3a4ym9nkaadbdwkns1h6ar9jcqgcj-podman-helper-binary-wrapper/bin/runc"
		},
		"runj": {
			"path": "/nix/store/nki3a4ym9nkaadbdwkns1h6ar9jcqgcj-podman-helper-binary-wrapper/bin/runj"
		},
		"runsc": {
			"path": "/nix/store/nki3a4ym9nkaadbdwkns1h6ar9jcqgcj-podman-helper-binary-wrapper/bin/runsc"
		},
		"youki": {
			"path": "/nix/store/nki3a4ym9nkaadbdwkns1h6ar9jcqgcj-podman-helper-binary-wrapper/bin/youki"
		}
	},
	"DefaultRuntime": "crun",
	"Swarm": {
		"NodeID": "",
		"NodeAddr": "",
		"LocalNodeState": "inactive",
		"ControlAvailable": false,
		"Error": "",
		"RemoteManagers": null
	},
	"LiveRestoreEnabled": false,
	"Isolation": "",
	"InitBinary": "",
	"ContainerdCommit": {
		"ID": "",
		"Expected": ""
	},
	"RuncCommit": {
		"ID": "",
		"Expected": ""
	},
	"InitCommit": {
		"ID": "",
		"Expected": ""
	},
	"SecurityOptions": [
		"name=seccomp,profile=default",
		"name=rootless"
	],
	"ProductLicense": "Apache-2.0",
	"CDISpecDirs": null,
	"Warnings": [],
	"BuildahVersion": "1.35.3",
	"CPURealtimePeriod": false,
	"CPURealtimeRuntime": false,
	"CgroupVersion": "2",
	"Rootless": true,
	"SwapFree": 0,
	"SwapTotal": 0,
	"Uptime": "23h 33m 51.00s (Approximately 0.96 days)"
}
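
An added example, not part of the thread or of nixpkgs: a regression check for the behaviour discussed above, written in Python because NixOS test scripts are Python. It queries `/info` over the API socket and flags a non-200 status or any entry in `Runtimes` without an absolute `path`; the helper names and the sample payloads are constructed for illustration.

```python
import http.client
import json
import socket

class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTP over a Unix socket: the stdlib counterpart of `curl --unix-socket`."""
    def __init__(self, socket_path, timeout=5.0):
        super().__init__("localhost", timeout=timeout)
        self.socket_path = socket_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.socket_path)

def fetch_info(socket_path):
    """GET /info on the given API socket; returns (status, body bytes)."""
    conn = UnixHTTPConnection(socket_path)
    try:
        conn.request("GET", "/info")
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()

def check_info(status, body):
    """Return a list of problems; an empty list means the response is sane."""
    if status != 200:
        return [f"/info returned HTTP {status}"]
    try:
        info = json.loads(body)
    except ValueError as exc:
        return [f"/info body is not JSON: {exc}"]
    runtimes = info.get("Runtimes") if isinstance(info, dict) else None
    if not isinstance(runtimes, dict) or not runtimes:
        return ["no runtimes listed"]
    problems = []
    for name, entry in sorted(runtimes.items()):
        path = entry.get("path") if isinstance(entry, dict) else None
        if not isinstance(path, str) or not path.startswith("/"):
            problems.append(f"runtime {name!r} has no absolute path")
    if info.get("DefaultRuntime") not in runtimes:
        problems.append("DefaultRuntime is not among Runtimes")
    return problems

# Constructed samples in the shape of the response above (placeholder store hash).
GOOD = b'{"Runtimes": {"crun": {"path": "/nix/store/HASH-wrapper/bin/crun"}}, "DefaultRuntime": "crun"}'
NO_PATH = b'{"Runtimes": {"crun": {"path": "/nix/store/HASH-wrapper/bin/crun"}, "runc": {}}, "DefaultRuntime": "crun"}'

if __name__ == "__main__":
    print(check_info(200, GOOD), check_info(200, NO_PATH), check_info(500, b""))
```

Against a live service, `check_info(*fetch_info("/var/run/user/1000/podman/podman.sock"))` should return an empty list.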

@kevincox
Contributor

Result of nixpkgs-review pr 310182 run on x86_64-linux

3 packages built:
  • out-of-tree
  • podman
  • podman.man

@kevincox
Contributor

This fixes the issue for me.

Is it ready to merge?

@SuperSandro2000 SuperSandro2000 changed the title podman: Improve packaging podman: improve runtime patching May 12, 2024
Member

@SuperSandro2000 SuperSandro2000 left a comment


LGTM

@wegank wegank added the 12.approvals: 1 This PR was reviewed and approved by one reputable person label May 13, 2024
@tricktron
Member

Builds successfully and fixes the ERROR: runtime error: index out of range [0] with length 0 on x86_64-linux.

@kevincox
Contributor

@WxNzEMof is there anything holding this back? It is a pretty major regression so I would like to merge it.

@the-sun-will-rise-tomorrow
Contributor Author

> @WxNzEMof is there anything holding this back?

No.

I would have liked to add a test for this functionality, so it doesn't regress again, but I don't know how to reproduce it inside a NixOS test.

> It is a pretty major regression so I would like to merge it.

Be my guest, we can add the test separately later.

@kevincox
Contributor

Ok thanks. Unless there are objections soon I will merge later today.

A test would be nice but I think that it can be a separate PR. I would rather it not block the fix.

@kevincox kevincox merged commit 4d50d8d into NixOS:master May 13, 2024
37 of 39 checks passed
@kevincox
Contributor

Thanks @WxNzEMof and everyone else who helped!

Labels
10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10 12.approvals: 1 This PR was reviewed and approved by one reputable person
Development

Successfully merging this pull request may close these issues.

docker-compose v1 fails to bring up any compose file with podman v5.0
7 participants