[Buildroot] [PATCH v2 2/2] package/podman: new package
Christian Stewart
christian at aperture.us
Mon May 22 20:17:50 UTC 2023
Hi Joachim,
On Tue, May 16, 2023 at 10:18 PM Joachim Wiberg <troglobit at gmail.com> wrote:
> You forgot to update the DEVELOPERS file with your new package.
Will fix for next revision, thanks.
> > + select BR2_PACKAGE_CATATONIT
>
> Noob question, is CATATONIT really a dependency? I thought it was only
> needed/recommended when composing a new container.
When starting a container with the --init flag, both Docker and Podman
will use an init binary as the PID 1 within the container. The init
binary comes from the host system. With Docker and Containerd we use
/usr/bin/tini symlink to /usr/bin/tini.
The default in podman is to use catatonit at /usr/bin/catatonit for
--init, so I had included it as a dependency here.
An alternative could be to add a dependency on Tini and add
`init_path = "/usr/bin/tini"` to `/usr/share/containers/libpod.conf`.
However: currently in Docker and Containerd we do not actually "select
TINI". Docker will use it if it's present, but we don't depend on it
directly. So I have dropped the "select CATATONIT" for the next
package revision.
>
> > + select BR2_PACKAGE_CNI_PLUGINS
> > + select BR2_PACKAGE_CONMON
> > + select BR2_PACKAGE_CNI_PLUGINS
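Review bot: BR2_PACKAGE_CNI_PLUGINS is selected twice in this hunk, on the first and third added lines, with BR2_PACKAGE_CONMON between them. Kconfig accepts the repeated select, so the build is unaffected, but the second `select BR2_PACKAGE_CNI_PLUGINS` should be dropped so each dependency is listed once.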
>
> Duplicate
Fixed, thanks.
> Not sure, but for container networking we also need BRIDGE_UTILS, right?
Not from what I've read, plus I've been testing without it & it works fine.
It's not in the list of dependencies on the arch package either.
> > + select BR2_PACKAGE_LIBGPGME
>
> For rootless support, isn't SHADOW + SHADOW_SUBORDINATE_IDS and
> SLIRP4NETNS required?
Possibly, but given that our default mode here is to run podman as a
system daemon, I don't know if enforcing these requirements is
strictly necessary. If a user wants to use podman in rootless mode
they can enable these things.
> CGROUPFS_MOUNT is probably needed for non-systemd builds.
Good catch, added & fixed, thanks.
> CA_CERTIFICATES is needed for https pull.
That's also true for docker and balena-engine and containerd, but we
don't select CA_CERTIFICATES there.
Podman will work fine without it, assuming you just load container
images locally w/o https pull.
Sent another revision as v3, thanks!
Best regards,
Christian Stewart