
podman-launcher's Introduction

Podman Launcher

This project is a simple golang wrapper that uses embed to ship the latest release of https://github.com/mgoltzsche/podman-static/

That repo builds and releases all podman components as statically linked binaries. This lets us easily ship the container manager without needing the dependency resolution of a package manager.

This project will take care of shipping the release (together with crun) and setting it up properly in order to work completely from $HOME, and without overlapping with a native podman installation.

Rootful podman works (if needed), and will unpack a copy of the binaries in /root for it to work.

Installation

Download the binary, make it executable, and put it in your $PATH.

Optionally, you can name it podman to make it easier to type and use.

Usage

This launcher is transparent: use it with all of podman's flags, just as you would use podman itself.

Use in your project

You can use the podman-launcher as a library in your project, if you depend on podman and want to embed it as a dependency.

You'll need to embed the assets.tar.gz (available on the release page) in your application and pass it to the launcher.Config struct for it to work.

Example code:

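package main

import (
	_ "embed"
	"os"
	"os/exec"

	"github.com/89luca89/podman-launcher/pkg/launcher"
)

// assets holds the assets.tar.gz from the release page, embedded at build time.
//
//go:embed assets.tar.gz
var assets []byte

func main() {
	// Initialize the launcher config with its input dirs and the embedded payload.
	conf := launcher.NewLauncher("/home/luca-linux/.podman-launcher", "/var/tmp", assets)

	// argv is passed through as if podman had been invoked directly.
	command := []string{
		"podman",
		"run", "--rm", "-ti",
		"alpine:latest",
		"/bin/sh",
	}

	err := conf.Run(command)
	if err != nil {
		// Propagate the exit code of the wrapped podman process.
		if exiterr, ok := err.(*exec.ExitError); ok {
			os.Exit(exiterr.ExitCode())
		}
	}
}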

Upgrade

To update, download the new release, and with the new binary run podman-launcher upgrade to upgrade the embedded podman package.

Dependencies

On the system, the only dependencies needed are the ones that podman itself needs: specifically, iptables and ip6tables for the bridge to work (not needed if using the host's network namespace).

For the rootless setup to work, you need the newuidmap and newgidmap binaries (usually part of the shadow package) and correctly configured /etc/subuid and /etc/subgid files.

Refer to the official documentation for further info: https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md
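
A preflight check for the rootless prerequisites listed above, as an added example that is not part of podman-launcher: the function names subIDCount and checkRootless are hypothetical, and the check assumes subordinate ID ranges come from the local /etc/subuid and /etc/subgid files, with the login name taken from $USER.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strconv"
	"strings"
)

// subIDCount sums the IDs that content ("owner:start:count" per line, as in
// /etc/subuid and /etc/subgid) grants to the given login name or numeric UID.
func subIDCount(content, name, uid string) int {
	total := 0
	for _, line := range strings.Split(content, "\n") {
		f := strings.Split(strings.TrimSpace(line), ":")
		if len(f) == 3 && f[0] != "" && (f[0] == name || f[0] == uid) {
			start, err1 := strconv.Atoi(f[1])
			count, err2 := strconv.Atoi(f[2])
			if err1 == nil && err2 == nil && start >= 0 && count > 0 {
				total += count // malformed entries grant nothing
			}
		}
	}
	return total
}

// checkRootless returns one message per missing rootless prerequisite.
func checkRootless(name, uid string) []string {
	var problems []string
	for _, bin := range []string{"newuidmap", "newgidmap"} {
		if _, err := exec.LookPath(bin); err != nil {
			problems = append(problems, bin+" not found in $PATH")
		}
	}
	for _, path := range []string{"/etc/subuid", "/etc/subgid"} {
		data, _ := os.ReadFile(path) // an unreadable file counts as no entries
		if subIDCount(string(data), name, uid) == 0 {
			problems = append(problems, "no usable range for "+name+" in "+path)
		}
	}
	return problems
}

func main() {
	for _, p := range checkRootless(os.Getenv("USER"), strconv.Itoa(os.Getuid())) {
		fmt.Println("missing:", p)
	}
}
```

An empty result means both helper binaries were found and the current user has at least one well-formed range in each file.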

Compile

make clean
make

make download will download the latest bundles of crun and podman-static and prepare them for the launcher.

make podman-launcher will actually compile the main.go and embed the targz in it.

Use Cases

It's a nice-to-have for systems like the Steam Deck, or for systems where you're not allowed to modify the system in any way.

It is intended as a nice fallback container engine option for Distrobox (https://github.com/89luca89/distrobox).

podman-launcher's People

Contributors

89luca89, antiz96, mirkobrombin

Forkers

mirkobrombin

podman-launcher's Issues

make depends on missing vendor/embed

Just testing this package, ran make and got this error:


OOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -mod vendor -ldflags="-s -w -X 'main.version=${RELEASE_VERSION:-"0.0.3"}'" -o podman-launcher-amd64 main.go
build embed: cannot load embed: open /home/charlesq/Apps/podman/podman-launcher/vendor/embed: no such file or directory

invalid cni_plugin_dirs

Hiya, I am on a Steam Deck and I am getting the below error message when creating a distrobox (ex: distrobox create --name arch -i archlinux-latest):

ERRO[0000] validating network configs invalid cni_plugin_dirs: /home/deck/.local/podman/lib/cni

I followed the instructions here: https://github.com/89luca89/distrobox/blob/main/docs/posts/install_podman_static.md to install Distrobox and podman.

From a quick google search, it seems like I may be missing the containernetworking-plugins package? But I'm on a Steam Deck so I can't install that easily.

Happy to provide more information, not sure where to go from here.

Additional info:

I am on SteamOS 3.5 (Preview branch) which seems to come with Distrobox pre-installed now, could this be part of the issue? https://www.reddit.com/r/SteamDeck/comments/16rx5uq/so_apparently_steamos_comes_with_distrobox/

[Feature Request] Custom Directory Support

Hey,
I'm using a 64gb steam deck and I don't have enough storage on my eMMC to store podman containers in, but I have a 1tb SD card that I'd like to store them on.

I tried to symbolic link the podman-static dir onto my SDcard but it broke Distrobox compatibility. It worked perfectly fine when I ran "podman run hello-world", however. Also, distroboxes work when it's not symbolically linked.

I was wondering if there was a way we could make a config file to set a custom podman-static directory. Thank you for your consideration.

`podman volume create` unusable due to `--signature-policy` injection

The podman volume create command is completely unusable because it contains the word create, which causes this launcher to inject an unsupported --signature-policy argument:

$ podman volume create test
Error: unknown flag: --signature-policy
See 'podman volume create --help'

As a fix, I've successfully tested the following hack patch (not a golang developer at all, feel free to implement in a better way)

diff --git a/pkg/launcher/launcher.go b/pkg/launcher/launcher.go
index ad83597..cab8451 100644
--- a/pkg/launcher/launcher.go
+++ b/pkg/launcher/launcher.go
@@ -53,6 +53,10 @@ var policyCommads = []string{
        "play",
 }

+var filteredPolicyCommands = []string{
+       "volume",
+}
+
 // NewLauncher will return an initialized launcher config with input dirs and payload.
 // Refer to https://github.com/89luca89/podman-launcher/releases for the assets.tar.gz
 // to embed in your application, to pass here as pack.
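
Review bot: filteredPolicyCommands is added without a doc comment, and its name does not say whether the listed entries are included or excluded. A one-line comment stating that these are parent commands under which --signature-policy must not be injected, or a name such as policyExemptParents, would make the intent clear. It is also a denylist with the single entry "volume", so any other parent command whose subcommand matches an entry in policyCommads has to be added here by hand.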
@@ -100,6 +104,21 @@ func (conf *Config) Run(argv []string) error {
        for _, command := range policyCommads {
                if slices.Contains(argv, command) {
                        index := slices.Index(argv, command)
+
+                       filtered := false
+                       for _, filterCmd := range filteredPolicyCommands {
+                               if slices.Contains(argv, filterCmd) {
+                                       filterIdx := slices.Index(argv, filterCmd)
+
+                                       if filterIdx < index {
+                                               filtered = true
+                                       }
+                               }
+                       }
+                       if filtered {
+                               continue
+                       }
+
                        argv = slices.Insert(argv, index+1, []string{"--signature-policy", conf.containersPolicyJSON}...)

                        break
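
Review bot: the added check at "if filterIdx < index" compares the positions of bare tokens, so any earlier argv element equal to "volume", for example the value of a global flag, sets filtered and silently skips the --signature-policy injection for a command that should receive it. Resolve the subcommand path from the first non-flag arguments after argv[0] and test that path against both lists, instead of searching the whole slice. As a smaller point, slices.Index already returns -1 when the element is absent, so the slices.Contains call before it scans argv a second time for nothing, and the nested loop would read better as a small helper that returns a bool.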
