Describe the bug
Podman's packaging isn't following the spirit of Nix, as far as I can tell. It seems to pull in a bunch of run-time executable dependencies via PATH resolution instead of build-time resolution.
To Reproduce
nix-shell -p podman --run podman
$ nix-shell -p podman --run podman
ERRO[0000] cannot find mappings for user grahamc: No subuid ranges found for user "grahamc" in /etc/subuid
Error: could not get runtime: could not find a working conmon binary (configured options: [/usr/libexec/podman/conmon /usr/local/libexec/podman/conmon /usr/local/lib/podman/conmon /usr/bin/conmon /usr/sbin/conmon /usr/local/bin/conmon /usr/local/sbin/conmon /run/current-system/sw/bin/conmon]): invalid argument
based on the module, it looks like several run-time executables are referenced through PATH resolution instead of build-time pinning: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/podman.nix#L80-L89
Expected behavior
Nix's build products should have stable references to their run-time dependencies whenever possible. Given podman's rootless container support, I doubly expected nix-shell -p podman to give a usable podman.
grahamc
All 7 comments
Maintainer cc @marsam @adisbladis @saschagrunert @vdemeester @zowoq
grahamc
on 28 Apr 2020
Hmm im not sure how I feel about this.
Podman is agnostic of container runtime for example. So it not having a path to either runc or crun is a feature.
But conmon should probably be referenced by nix path yes. And utillinux too.
We could perhaps default to runc runtime and let people opt to crun?
arianvp
on 28 Apr 2020
@arianvp check out this PR from @adisbladis #86249
grahamc
on 28 Apr 2020
I see the issue here. We could also discuss if it generally would make sense to have a build-time config feature for podman. Having strong defaults without configuration could be achieved that way for NixOS, too.
saschagrunert
on 29 Apr 2020
Given podman's rootless container support, I doubly expected
nix-shell -p podmanto give a usable podman.
Is this expected to work without registry and policy files in /etc/containers?
zowoq
on 30 Apr 2020
I would like it to, and it sounds like there is upstream work to make that possible.
On Wed, Apr 29, 2020, at 6:51 PM, zowoq wrote:
Given podman's rootless container support, I doubly expected
nix-shell -p podmanto give a usable podman.
Is this expected to work without registry and policy files in
/etc/containers?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub https://github.com/NixOS/nixpkgs/issues/86245#issuecomment-621509179, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAASXLFG6JS7XN53TWGIRRTRPCVOPANCNFSM4MTDJOSQ.
grahamc
on 30 Apr 2020
Is this expected to work without registry and policy files in /etc/containers?
This already works with rootless podman if you have the appropriate subuib/subgids set up.
If https://github.com/NixOS/nixpkgs/pull/86278 is merged nix-shell -p podman --run "podman ..." will work out of the box on NixOS.
adisbladis
on 30 Apr 2020
Related issues
spacekitteh
·
3Comments
sid-kap
·
3Comments
ghost
·
3Comments
copumpkin
·
3Comments
ob7
·
3Comments
Most helpful comment
This already works with rootless podman if you have the appropriate subuib/subgids set up.
If https://github.com/NixOS/nixpkgs/pull/86278 is merged
nix-shell -p podman --run "podman ..."will work out of the box on NixOS.