[Buildroot] [PATCH v2 2/2] package/podman: new package

Christian Stewart christian at aperture.us
Mon May 22 20:17:50 UTC 2023


Hi Joachim,

On Tue, May 16, 2023 at 10:18 PM Joachim Wiberg <troglobit at gmail.com> wrote:
> You forgot to update the DEVELOPERS file with your new package.

Will fix for next revision, thanks.


> > +     select BR2_PACKAGE_CATATONIT
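
Review bot: `select BR2_PACKAGE_CATATONIT` on this line forces catatonit into every build that enables podman, although it is only used as the container's PID 1 when a container is started with --init. Consider dropping the select and stating in the package help text that --init needs an init binary at /usr/bin/catatonit, or at the path set with init_path.
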
>
> Noob question, is CATATONIT really a dependency?  I thought it was only
> needed/recommended when composing a new container.

When starting a container with the --init flag, both Docker and Podman
will use an init binary as the PID 1 within the container. The init
binary comes from the host system. With Docker and Containerd we use
/usr/bin/tini symlink to /usr/bin/tini.

The default in podman is to use catatonit at /usr/bin/catatonit for
--init, so I had included it as a dependency here.

An alternative could be to add a dependency on Tini and add
`init_path = "/usr/bin/tini"` to `/usr/share/containers/libpod.conf`.

However: currently in Docker and Containerd we do not actually "select
TINI". Docker will use it if it's present, but we don't depend on it
directly. So I have dropped the "select CATATONIT" for the next
package revision.

>
> > +     select BR2_PACKAGE_CNI_PLUGINS
> > +     select BR2_PACKAGE_CONMON
> > +     select BR2_PACKAGE_CNI_PLUGINS
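
Review bot: BR2_PACKAGE_CNI_PLUGINS is selected twice, on the first and third lines of this group; remove the second select so each dependency is listed once.
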
>
> Duplicate

Fixed, thanks.

> Not sure, but for container networking we also need BRIDGE_UTILS, right?

Not from what I've read, plus I've been testing without it & it works fine.

It's not in the list of dependencies on the arch package either.

> > +     select BR2_PACKAGE_LIBGPGME
>
> For rootless support, isn't SHADOW + SHADOW_SUBORDINATE_IDS and
> SLIRP4NETNS required?

Possibly, but given that our default mode here is to run podman as a
system daemon, I don't know if enforcing these requirements is
strictly necessary. If a user wants to use podman in rootless mode
they can enable these things.

> CGROUPFS_MOUNT is probably needed for non-systemd builds.

Good catch, added & fixed, thanks.

> CA_CERTIFICATES is needed for https pull.

That's also true for docker and balena-engine and containerd, but we
don't select CA_CERTIFICATES there.

Podman will work fine without it, assuming you just load container
images locally w/o https pull.

Sent another revision as v3, thanks!

Best regards,
Christian Stewart
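
The optional dependencies discussed in this thread can be checked against a finished Buildroot `.config`. The following is an added example, not part of the original message or of Buildroot; BR2_PACKAGE_PODMAN and the BR2_PACKAGE_ prefix on the symbols named without it in the thread are assumptions, and the sample config is constructed.

```python
import re

# Symbols the thread leaves to the user, with the feature each one enables.
# Names other than BR2_PACKAGE_CATATONIT are assumed from the thread's short forms.
OPTIONAL = {
    "BR2_PACKAGE_CATATONIT": "podman run --init (default init binary /usr/bin/catatonit)",
    "BR2_PACKAGE_CA_CERTIFICATES": "pulling images over https",
    "BR2_PACKAGE_SHADOW_SUBORDINATE_IDS": "rootless mode (subordinate uid/gid ranges)",
    "BR2_PACKAGE_SLIRP4NETNS": "rootless mode (networking)",
}
# Only relevant when the init system is not systemd, per the thread.
NON_SYSTEMD = {"BR2_PACKAGE_CGROUPFS_MOUNT": "cgroup mounts on non-systemd builds"}

def enabled_symbols(config_text):
    """Return symbols set to y; '# FOO is not set' lines never match."""
    return set(re.findall(r"^(BR2_\w+)=y[ \t]*$", config_text, re.MULTILINE))

def missing_features(config_text):
    """Map each absent symbol to the podman feature that will not work without it."""
    on = enabled_symbols(config_text)
    if "BR2_PACKAGE_PODMAN" not in on:   # assumed symbol name for the new package
        return {}
    wanted = dict(OPTIONAL)
    if "BR2_INIT_SYSTEMD" not in on:
        wanted.update(NON_SYSTEMD)
    return {sym: why for sym, why in wanted.items() if sym not in on}

# Constructed sample: BusyBox init, https pull possible, no --init or rootless support.
SAMPLE = """\
BR2_INIT_BUSYBOX=y
# BR2_INIT_SYSTEMD is not set
BR2_PACKAGE_PODMAN=y
BR2_PACKAGE_CONMON=y
BR2_PACKAGE_CNI_PLUGINS=y
BR2_PACKAGE_CA_CERTIFICATES=y
# BR2_PACKAGE_CATATONIT is not set
"""

if __name__ == "__main__":
    for sym, why in sorted(missing_features(SAMPLE).items()):
        print(f"{sym} not enabled: {why} unavailable")
```
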


