User:Ajak/podman for Development and Binhosting


Using podman, one can create a very simple and powerful ebuild testing and binhost/binpkg generation environment. I will use the former use case as an example to start off with.

We start by setting up the /etc/portage configuration however we want; what matters is that it is stored somewhere on the host running podman. We will assume there is a target configuration in /srv/portage/unstable, containing a world file called world, with binary packages in /srv/binpkgs/generic.

So that an unprivileged user can use the resulting container, we also need to host a local registry.

This is all we need to build the container, using the run script here:

root # ./run unstable

This builds a Podman image that:

  • Uses the host's distfiles and /var/db/repos
  • Uses the binpkgs from /srv/binpkgs/generic in the container as /var/cache/binpkgs
  • Uses the Portage configuration from the subdirectory of /srv/portage corresponding to the argument passed to the script. In this case /srv/portage/unstable will be bind mounted to /etc/portage in the container, and /var/lib/portage/world will be symlinked to /etc/portage/world
  • Does a full world update, populating the PKGDIR with any new packages that can be consumed by other systems
  • Is tagged and pushed to our local registry
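
One way the build described in the list above could be assembled, as an added example rather than the author's run script: it validates the profile argument before using it in a bind-mount path and prints the podman commands as a dry run. The base image, the distfiles path, the build-<profile> container name and the plain-HTTP registry are assumptions.

```shell
#!/bin/sh
# Added example, not the author's run script: a dry run that prints the
# podman commands for one Portage profile instead of executing them.
PORTAGE_ROOT=/srv/portage           # from the page
BINPKG_DIR=/srv/binpkgs/generic     # from the page
DISTDIR=/var/cache/distfiles        # assumption: Gentoo's default DISTDIR
BASE_IMAGE=docker.io/gentoo/stage3  # assumption: the page names no base image

# Accept only a plain directory name, so the argument cannot steer the
# /etc/portage bind mount outside PORTAGE_ROOT (for example "../../etc").
valid_profile() {
    case "$1" in
        ''|.*|*/*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print the build command for profile $1; fail on an unacceptable name.
build_cmd() {
    valid_profile "$1" || { echo "invalid profile: $1" >&2; return 1; }
    printf '%s ' podman run --name "build-$1" \
        -v "$DISTDIR:/var/cache/distfiles" \
        -v /var/db/repos:/var/db/repos \
        -v "$BINPKG_DIR:/var/cache/binpkgs" \
        -v "$PORTAGE_ROOT/$1:/etc/portage" \
        "$BASE_IMAGE" /bin/sh -c
    # Inside the container: link the world file, then update @world while
    # reusing existing binpkgs and writing new ones to PKGDIR.
    echo "'ln -sf /etc/portage/world /var/lib/portage/world &&" \
        "emerge --update --deep --newuse --usepkg --buildpkg @world'"
}

# Print the commit, tag and push steps that publish the image locally.
publish_cmds() {
    valid_profile "$1" || return 1
    echo "podman commit build-$1 localhost/$1:latest"
    echo "podman tag localhost/$1:latest localhost:5000/$1:latest"
    # assumption: the registry on localhost:5000 speaks plain HTTP
    echo "podman push --tls-verify=false localhost:5000/$1:latest"
}

if [ $# -gt 0 ]; then
    build_cmd "$1" && publish_cmds "$1"
fi
```

Run as root with a profile name such as unstable, the printed commands can be reviewed before being executed; a name like ../../etc is refused before any path is built from it.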

After running this script, we can see the tagged images:

root # podman images localhost/unstable
REPOSITORY               TAG         IMAGE ID      CREATED      SIZE
localhost/unstable       latest      79aa73513be7  5 hours ago  2.06 GB
localhost:5000/unstable  latest      79aa73513be7  5 hours ago  2.06 GB

We can now use this image as an unprivileged user using the unpriv script, here.

user $ ./unpriv.sh
79aa73513be75c4357c9dd1cefa14ee5f21c8168e9ff05aa93fa971882e678e9
fd6ec96e2036 / # # root shell in rootless container!