Conversation
playday3008
force-pushed
the
feat/podman-support
branch
from
8a4b55f to
140423d
Compare
|
It's kind of a good idea, but the challenge is that it might be difficult to implement. If you wait some time then I can install podman in a computer and test this PR and let you know what happens. |
Sure thing, I'm using Podman myself, I don't have Docker, so, for me it was kinda crucial to have this. It's better test whether Docker build still works. Here I ran package build with new |
playday3008
force-pushed
the
feat/podman-support
branch
from
140423d to
c81fa2a
Compare
|
For now committed minimal required changes for Podman and Docker to coexist. @robertkirkman You might want to take a look. |
playday3008
force-pushed
the
feat/podman-support
branch
from
9f54f7e to
2100868
Compare
|
So, locally with Podman works: |
|
@robertkirkman Hey, have you tried Podman? You said you'd try, haven't heard back, everything ok? |
|
I will in a while, currently I am working on PRs related to updating to Python 3.13 |
TomJo2000
left a comment
TomJo2000
left a comment
There was a problem hiding this comment.
I'm feeling pretty optimistic about this PR.
The changeset is a lot more manageable than I would have initially expected.
I just have a couple style notes.
| # Execute command in container | ||
| if [ "$RUNTIME" = "podman" ]; then | ||
| $SUDO $RUNTIME exec $CI_OPT \ | ||
| --user root \ | ||
| --env HOME=$CONTAINER_HOME_DIR \ | ||
| --env "DOCKER_EXEC_PID_FILE_PATH=$DOCKER_EXEC_PID_FILE_PATH" \ | ||
| --interactive $DOCKER_TTY \ | ||
| $TERMUX_DOCKER_EXEC_EXTRA_ARGS \ | ||
| $CONTAINER_NAME \ | ||
| "$@" | ||
| else | ||
| $SUDO $RUNTIME exec $CI_OPT \ | ||
| --env "DOCKER_EXEC_PID_FILE_PATH=$DOCKER_EXEC_PID_FILE_PATH" \ | ||
| --interactive $DOCKER_TTY \ | ||
| $TERMUX_DOCKER_EXEC_EXTRA_ARGS \ | ||
| $CONTAINER_NAME \ | ||
| "$@" | ||
| fi |
There was a problem hiding this comment.
- As mentioned above (Support Podman in
run-docker.sh#28785 (comment)) I think thedockerhandling should be the "happy path" for this condition since that is the expected default runtime.
There was a problem hiding this comment.
Same, else should be error, docker should be elif
There was a problem hiding this comment.
This would work also here, right?
PODMAN_ARGS=
if [ "$RUNTIME" = "podman" ]; then
PODMAN_ARGS="--user root --env HOME=$CONTAINER_HOME_DIR"
fi
$SUDO $RUNTIME exec $CI_OPT \
$PODMAN_ARGS \
--env "DOCKER_EXEC_PID_FILE_PATH=$DOCKER_EXEC_PID_FILE_PATH" \
--interactive $DOCKER_TTY \
$TERMUX_DOCKER_EXEC_EXTRA_ARGS \
$CONTAINER_NAME \
"$@"
playday3008
force-pushed
the
feat/podman-support
branch
from
1a6fddf to
c174789
Compare
|
Just in case, I've rerun CI with new changes, to test Docker again. |
You may want to add the |
That was done intentionally, first run to build, second run to check |
|
Oh I thought one run was with Docker, one was with Podman. |
Yep, both with Podman, just ran same command twice |
|
Alright that makes sense then. |
TomJo2000
left a comment
TomJo2000
left a comment
There was a problem hiding this comment.
This looks good to me at this point.
I do have one more suggestion, but other than that I think this is solid.
playday3008
force-pushed
the
feat/podman-support
branch
from
577109b to
513d276
Compare
|
CI rerun |
Sorry, I was busy with other PRs, but now I finally started testing this PR, and the first problem I have encountered is this, Do you happen to know what should be done if this happens? I tried just |
|
@robertkirkman Arch Linux user? Your user likely has no subordinate ID ranges configured. Check: grep $(whoami) /etc/subuid /etc/subgidIf empty or missing, allocate them: sudo usermod --add-subuids 100000-165535 --add-subgids 100000-165535 $(whoami)Then apply changes: podman system migrateIf the pull still fails, do a full reset (removes all local containers/images): podman system resetThen retry Source: https://wiki.archlinux.org/title/Podman#Rootless_Podman |
|
Yes, I am using an Arch Linux Virtual Machine that is able to run regular Docker normally. Thanks, I tried those commands, but unfortunately for me they don't seem to make a difference: |
|
@robertkirkman To be honest, I've never used Podman on Arch, I'm using Fedora, which out of box uses Podman, so, I suppose I wouldn't be able help much with on Arch |
|
Hmm, I will install a Fedora virtual machine with everything default from this iso and try to reproduce your setup https://download.fedoraproject.org/pub/fedora/linux/releases/43/Workstation/x86_64/iso/Fedora-Workstation-Live-43-1.6.x86_64.iso |
| $TERMUX_DOCKER_RUN_EXTRA_ARGS \ | ||
| $TERMUX_BUILDER_IMAGE_NAME | ||
| __change_builder_uid_gid | ||
| else |
There was a problem hiding this comment.
The shared arguments could be written together in a similar way to my other suggestion here also, right?
There was a problem hiding this comment.
The remaining concern I have is about the arguments here. The arguments $SUDO, $RUNTIME, run, $RUNTIME_RUN_ARGS, and $TERMUX_BUILDER_IMAGE_NAME are all the same and could be shared, right?
There was a problem hiding this comment.
Yes, I'll check it, after testing
playday3008
force-pushed
the
feat/podman-support
branch
from
513d276 to
15f5c63
Compare
Factor shared arguments for `run` and `exec` into RUNTIME_RUN_ARGS and RUNTIME_EXEC_ARGS variables, so each runtime branch only specifies its own flags.
|
When I started using Fedora, Podman immediately started working for basic packages like Next, I started testing some of the complicated packages that rely on particular Docker-specific behaviors or features that often prevent them from building outside of Docker. When I use 
do you happen to know if there's a way Podman can be configured to behave any closer to how Docker behaves, to see if it's able to build the Termux |
|
I'll try to build
|
Podman's default seccomp profile only allows personality() with specific argument values. The arg comparison fails for qemu-arm's personality(0xffffffff) call, breaking proot-based cross-compilation (e.g. gnucash's guile dependency). Apply the same custom seccomp profile (profile.json) to both Docker and Podman, and add fchmodat2 to the profile for modern glibc compatibility. Extract the common SEC_OPT setup out of the per-runtime branches.
|
@robertkirkman Try again please. |
|
@playday3008 Ok, thanks! Now Next, I tried this command: scripts/run-docker.sh ./build-package.sh -I -f -a arm pypy3and I see this: This is one of the challenging packages. Do you think you can make Podman build this package? |
| "fchdir", | ||
| "fchmod", | ||
| "fchmodat", | ||
| "fchmodat2", |
There was a problem hiding this comment.
This is the default since moby/profiles@91990ca, so just remind me to properly do a diff of profile.json with the older copy in github.com/moby/moby and rebase it against the new location in github.com/moby/profiles once this PR is merged
Running as --user root in the Podman container caused Termux's patched apt (which refuses uid 0) to fail when invoked through proot during cross-compilation builds like pypy3. Switch to explicit --uidmap/--gidmap that maps the host user to the image's builder account (uid/gid 1001). This keeps bind-mount permissions correct while running as non-root inside the container.
|
@robertkirkman Supposedly fixed |
|
Packages:
|
I have so many questions
|
|
I know it's a "mandelbrot fractal", but I don't know why it's there. Yes, it seems like this is building packages very well now! Good job! |
|
I know that as well, but how it's in any way used in/helpful for |
|
Oh my god, I like it so much: https://stackoverflow.com/questions/21708359/whats-the-output-during-pypy-build-means |
|
@robertkirkman Runs and builds fine |
4 participants
Auto-detects Docker or Podman (override via
TERMUX_CONTAINER_RUNTIME). Podman runs rootless with user namespaces — no sudo, no host permission changes.