From ab5ed8265b2d8fee3e6bd291808a8fe3e7a17127 Mon Sep 17 00:00:00 2001
From: Matthew Heon
Date: Wed, 9 Dec 2020 14:24:51 -0500
Subject: [PATCH] Do not pull rootless CNI infra image

Instead, we want to advise users to manually build the image. We cannot distribute the existing image for RHEL 8.4.0, and the feature will be tech preview, so this degraded user experience will have to be sufficient until we can get a better solution in place. Ref: https://issues.redhat.com/browse/RUN-1127 Please note that this is a RHEL only change and should not be included in non-RHEL branches. This is a forward-port of the original changes in #8671 to the new v3.0.1-rhel branch.
Signed-off-by: Matthew Heon
---
 contrib/rootless-cni-infra/README.md | 7 ++++++-
 libpod/rootless_cni_linux.go | 19 +++++--------------
 test/e2e/create_staticmac_test.go | 1 +
 test/e2e/network_create_test.go | 1 +
 test/e2e/network_test.go | 2 ++
 test/e2e/run_networking_test.go | 3 +++
 test/system/500-networking.bats | 1 +
 7 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/contrib/rootless-cni-infra/README.md b/contrib/rootless-cni-infra/README.md
index c43b4cf491..fe4cf587dd 100644
--- a/contrib/rootless-cni-infra/README.md
+++ b/contrib/rootless-cni-infra/README.md
@@ -1,6 +1,11 @@
 # rootless-cni-infra
 
-Infra container for CNI-in-slirp4netns.
+Infra container for CNI-in-slirp4netns. This is required for rootless CNI networking.
+
+To build the rootless CNI infra container image, please download both the Containerfile and `rootless-cni-infra` files to an otherwise empty directory.
+Then, run `podman build -t rootless-cni-infra .` on that directory as the user who will be running rootless Podman.
+
+Once the image has been built, Podman will automatically use it as required to create CNI networks.
 
 ## How it works
 
diff --git a/libpod/rootless_cni_linux.go b/libpod/rootless_cni_linux.go
index e979851807..9554b82cca 100644
--- a/libpod/rootless_cni_linux.go
+++ b/libpod/rootless_cni_linux.go
@@ -7,14 +7,11 @@ import (
 "context"
 "io"
 "path/filepath"
- "runtime"
 
 cnitypes "github.com/containernetworking/cni/pkg/types/current"
 "github.com/containernetworking/plugins/pkg/ns"
 "github.com/containers/podman/v3/libpod/define"
- "github.com/containers/podman/v3/libpod/image"
 "github.com/containers/podman/v3/pkg/env"
- "github.com/containers/podman/v3/pkg/util"
 "github.com/containers/storage/pkg/lockfile"
 "github.com/hashicorp/go-multierror"
 spec "github.com/opencontainers/runtime-spec/specs-go"
@@ -23,11 +20,6 @@ import (
 "github.com/sirupsen/logrus"
 )
 
-// Built from ../contrib/rootless-cni-infra.
-var rootlessCNIInfraImage = map[string]string{
- "amd64": "quay.io/libpod/rootless-cni-infra@sha256:adf352454666f7ce9ca3e1098448b5ee18f89c4516471ec99447ec9ece917f36", // 5-amd64
-}
-
 const (
 rootlessCNIInfraContainerNamespace = "podman-system"
 rootlessCNIInfraContainerName = "rootless-cni-infra"
@@ -259,14 +251,13 @@ func ensureRootlessCNIInfraContainerRunning(ctx context.Context, r *Runtime) (*C
 }
 
 func startRootlessCNIInfraContainer(ctx context.Context, r *Runtime) (*Container, error) {
- imageName, ok := rootlessCNIInfraImage[runtime.GOARCH]
- if !ok {
- return nil, errors.Errorf("cannot find rootless-podman-network-sandbox image for %s", runtime.GOARCH)
- }
+ imageName := "rootless-cni-infra"
 logrus.Debugf("rootless CNI: ensuring image %q to exist", imageName)
- newImage, err := r.ImageRuntime().New(ctx, imageName, "", "", nil, nil,
- image.SigningOptions{}, nil, util.PullImageMissing)
+ newImage, err := r.ImageRuntime().NewFromLocal(imageName)
 if err != nil {
+ if errors.Cause(err) == define.ErrNoSuchImage {
+ return nil, errors.Errorf("rootless CNI infra image not present - please build image from https://github.com/containers/podman/blob/v3.0.1-rhel/contrib/rootless-cni-infra/ and tag as %q", imageName)
+ }
 return nil, err
 }
 logrus.Debugf("rootless CNI: image %q is ready", imageName)
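Review bot: In the third hunk, `imageName := "rootless-cni-infra"` replaces a digest-pinned reference (`quay.io/libpod/rootless-cni-infra@sha256:…`) with a mutable, unqualified local name, so whichever image in the user's store currently answers to that name becomes the infra container, with no check on its content. `NewFromLocal` is not visible here; if it resolves short names across registries, an image from another source with the same repository name could be picked instead of the locally built one. Consider the qualified name that `podman build -t rootless-cni-infra .` is expected to produce, `imageName := "localhost/rootless-cni-infra"`, and log the resolved ID so the image actually used can be audited, e.g. `logrus.Debugf("rootless CNI: image %q (%s) is ready", imageName, newImage.ID())`. The retained `"rootless CNI: ensuring image %q to exist"` message no longer matches the code, which only looks the image up. The body of startRootlessCNIInfraContainer continues past the end of the hunk.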
diff --git a/test/e2e/create_staticmac_test.go b/test/e2e/create_staticmac_test.go
index 1df93553de..aef3851423 100644
--- a/test/e2e/create_staticmac_test.go
+++ b/test/e2e/create_staticmac_test.go
@@ -48,6 +48,7 @@ var _ = Describe("Podman run with --mac-address flag", func() {
 })
 
 It("Podman run --mac-address with custom network", func() {
+ SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
 net := "n1" + stringid.GenerateNonCryptoID()
 session := podmanTest.Podman([]string{"network", "create", net})
 session.WaitWithDefaultTimeout()
diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go
index ef3be8e222..9a70b00273 100644
--- a/test/e2e/network_create_test.go
+++ b/test/e2e/network_create_test.go
@@ -69,6 +69,7 @@ var _ = Describe("Podman network create", func() {
 )
 
 BeforeEach(func() {
+ SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
 tempdir, err = CreateTempDirInTempDir()
 if err != nil {
 os.Exit(1)
diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go
index 68a0222c65..4458fb7fe5 100644
--- a/test/e2e/network_test.go
+++ b/test/e2e/network_test.go
@@ -21,6 +21,8 @@ var _ = Describe("Podman network", func() {
 )
 
 BeforeEach(func() {
+ SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
+
 tempdir, err = CreateTempDirInTempDir()
 if err != nil {
 os.Exit(1)
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index a6237a49aa..eebee46b21 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -628,6 +628,7 @@ var _ = Describe("Podman run networking", func() {
 })
 
 It("podman run in custom CNI network with --static-ip", func() {
+ SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
 netName := stringid.GenerateNonCryptoID()
 ipAddr := "10.25.30.128"
 create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName})
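Review bot: The skip reason added in create_staticmac_test.go, `SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")`, names a different release than the commit message (RHEL 8.4.0). The same string is repeated in the network_create_test.go, network_test.go and run_networking_test.go hunks, and the bats hunk in test/system/500-networking.bats says 8.2.1. If 8.4.0 is the intended release, use one consistent reason such as `SkipIfRootless("rootless CNI is tech preview in RHEL 8.4.0")` so skipped-test reports point at the right branch. With every rootless CNI test skipped, nothing in this patch exercises the new local-image lookup or its `define.ErrNoSuchImage` branch in libpod/rootless_cni_linux.go; a small test that asserts the build-instructions error when the image is absent would keep that path covered.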
@@ -660,6 +661,7 @@ var _ = Describe("Podman run networking", func() {
 })
 
 It("podman run with new:pod and static-ip", func() {
+ SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
 netName := stringid.GenerateNonCryptoID()
 ipAddr := "10.25.40.128"
 podname := "testpod"
@@ -733,6 +735,7 @@ var _ = Describe("Podman run networking", func() {
 })
 
 It("podman run check dnsname plugin", func() {
+ SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
 pod := "testpod"
 session := podmanTest.Podman([]string{"pod", "create", "--name", pod})
 session.WaitWithDefaultTimeout()
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index bcc6737b7a..5e2487d073 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -98,6 +98,7 @@ load helpers
 # "network create" now works rootless, with the help of a special container
 @test "podman network create" {
 skip_if_remote "FIXME: pending #7808"
+ skip_if_rootless "Rootless CNI is tech preview in RHEL 8.2.1"
 local mynetname=testnet-$(random_string 10)
 local mysubnet=$(random_rfc1918_subnet)