Diffstat (limited to 'gnu/packages/containers.scm')
-rw-r--r-- | gnu/packages/containers.scm | 325 |
1 files changed, 222 insertions, 103 deletions
diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm
index 31260c5c0a..c57f249ebd 100644
--- a/gnu/packages/containers.scm
+++ b/gnu/packages/containers.scm
@@ -26,6 +26,7 @@ (define-module (gnu packages containers) #:use-module (guix gexp) #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix modules) #:use-module (gnu packages) #:use-module (guix packages) #:use-module (guix download)
@@ -34,6 +35,7 @@ #:use-module (guix build-system gnu) #:use-module (guix build-system go) #:use-module (guix build-system meson) + #:use-module (guix build-system pyproject) #:use-module (guix utils) #:use-module (gnu packages admin) #:use-module (gnu packages autotools)
@@ -42,13 +44,19 @@ #:use-module (gnu packages check) #:use-module (gnu packages compression) #:use-module (gnu packages glib) + #:use-module (gnu packages gcc) #:use-module (gnu packages gnupg) #:use-module (gnu packages golang) #:use-module (gnu packages guile) #:use-module (gnu packages linux) + #:use-module (gnu packages man) + #:use-module (gnu packages pcre) #:use-module (gnu packages python) #:use-module (gnu packages networking) #:use-module (gnu packages pkg-config) + #:use-module (gnu packages python-xyz) + #:use-module (gnu packages python-check) + #:use-module (gnu packages rust-apps) #:use-module (gnu packages selinux) #:use-module (gnu packages version-control) #:use-module (gnu packages virtualization)
@@ -58,7 +66,7 @@ (define-public crun (package (name "crun") - (version "1.14.1") + (version "1.15") (source (origin (method url-fetch)
@@ -68,7 +76,7 @@ "/crun-" version ".tar.gz")) (sha256 (base32 - "02lplc2asyllb58mvy7l8b9gsk7fxs95g928xk28yzmf592ay33x")))) + "0zq8vcn2vg9snaqmf8k5gngskiclpm1ln0hhs1vsw8w8igjs2fx0")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--disable-systemd")
@@ -104,7 +112,7 @@ Container Runtime fully written in C.") (define-public conmon (package (name "conmon") - (version "2.0.31") + (version "2.1.12") (source (origin (method git-fetch)
@@ -112,7 +120,7 @@ Container Runtime fully written in C.") (url "https://github.com/containers/conmon") (commit (string-append "v" version)))) (sha256 - (base32 "1cxklcihb2i4ywli0fxafkp2gi1x831r37z7spnigaj6pzj1517w")) + (base32 "0rrj4rmz5bmxycqhdjpizwvb25bimkri9jwb3wcfwzyxnx1va849")) (file-name (git-file-name name version)))) (build-system gnu-build-system) (arguments
@@ -240,7 +248,7 @@ containers or various tools.") (define-public slirp4netns (package (name "slirp4netns") - (version "1.2.3") + (version "1.3.0") (source (origin (method git-fetch)
@@ -248,7 +256,7 @@ containers or various tools.") (url "https://github.com/rootless-containers/slirp4netns") (commit (string-append "v" version)))) (sha256 - (base32 "0czvdsdv821fz4jd9rgrlkdhhjna6frawr8klvx3k2cfh444fbii")) + (base32 "1zwahs9fpb61h708k416l6brihgjl6z8ms0jbz4rvw7q34k2c8vw")) (file-name (git-file-name name version)))) (build-system gnu-build-system) (arguments
@@ -281,14 +289,14 @@ network namespaces.") (define-public passt (package (name "passt") - (version "2023_12_30.f091893") + (version "2024_05_10.7288448") (source (origin (method url-fetch) (uri (string-append "https://passt.top/passt/snapshot/passt-" version ".tar.gz")) (sha256 - (base32 "1nyd4h93qlxn1r01ffijpsd7r7ny62phki5j58in8gz021jj4f3d")))) + (base32 "12lg216d0r8zb0rpxmnzzfyz4v5gc7ahdvypp811px0ip0qkzj25")))) (build-system gnu-build-system) (arguments (list
@@ -384,6 +392,9 @@ configure network interfaces in Linux containers.") (list #:make-flags `(list ,(string-append "GIT_VERSION=v" version)) #:test-target "test" + #:imported-modules + (source-module-closure `(,@%gnu-build-system-modules + (guix build go-build-system))) #:phases #~(modify-phases %standard-phases (delete 'configure)
@@ -397,7 +408,9 @@ configure network interfaces in Linux containers.") (invoke "rm" "-r" "test"))) (replace 'install (lambda _ - (install-file "bin/gvproxy" (string-append #$output "/bin"))))))) + (install-file "bin/gvproxy" (string-append #$output "/bin")))) + (add-after 'install 'remove-go-references + (@@ (guix build go-build-system) remove-go-references))))) (native-inputs (list go-1.20)) (home-page "https://github.com/containers/gvisor-tap-vsock") (synopsis "Network stack for virtualization based on gVisor") 
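Review bot: The new `remove-go-references` phase is wired in as `(@@ (guix build go-build-system) remove-go-references)`, which reaches through the module's private-access form and silently couples this package to an internal name that can be renamed with no export-level warning; the same form appears in the buildah hunk and, for `remove-store-reference`, in the podman hunk. A one-line comment at this first use would record the intent, e.g. `;; Private binding (hence @@); switch to an exported name if go-build-system ever provides one.`, so a later reader does not mistake it for a public API. The gvisor-tap-vsock definition starts before this hunk.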
@@ -410,95 +423,142 @@ It can be used with QEMU, Hyperkit, Hyper-V and User-Mode Linux. The binary is called @command{gvproxy}.") (license license:asl2.0))) -;; For podman to work, the user needs to run -;; `sudo mount -t cgroup2 none /sys/fs/cgroup` +(define-public catatonit + (package + (name "catatonit") + (version "0.2.0") + (source + (origin + (method url-fetch) + (uri (string-append + "https://github.com/openSUSE/catatonit/releases/download/v" + version "/catatonit.tar.xz")) + (sha256 + (base32 "141b5lypgqib546zmldi4kqzpqfd6vvqddqqkfaz3w11fjsc4hwq")))) + (build-system gnu-build-system) + (native-inputs + (list autoconf automake libtool)) + (home-page "https://github.com/openSUSE/catatonit") + (synopsis "Container init") + (description + "Catatonit is a simple container init tool developed as a rewrite of +@url{https://github.com/cyphar/initrs, initrs} in C due to the need for static +compilation of Rust binaries with @code{musl}. Inspired by other container +inits like @url{https://github.com/krallin/tini, tini} and +@url{https://github.com/Yelp/dumb-init, dumb-init}, catatonit focuses on +correct signal handling, utilizing @code{signalfd(2)} for improved stability. +Its main purpose is to support the key usage by @code{docker-init}: +@code{/dev/init} – <your program>, with minimal additional features planned.") + (license license:gpl2+))) (define-public podman (package (name "podman") - (version "4.9.3") + (version "5.1.0") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/containers/podman") (commit (string-append "v" version)))) - (modules '((guix build utils))) - ;; FIXME: Btrfs libraries not detected by these scripts. 
- (snippet '(substitute* "Makefile" - ((".*hack/btrfs.*") ""))) - (patches - (search-patches - "podman-program-lookup.patch")) (sha256 - (base32 "17g7n09ndxhpjr39s9qwxdcv08wavjj0g5nmnrvrkz2wgdqigl1x")) + (base32 "0ldzrrz8jba6ka1xfs8msiy08iz4m674xhfxbcdsnc9lmxi3ys4f")) (file-name (git-file-name name version)))) - (build-system gnu-build-system) (arguments (list #:make-flags - #~(list #$(string-append "CC=" (cc-for-target)) - (string-append "PREFIX=" #$output)) + #~(list (string-append "CC=" #$(cc-for-target)) + (string-append "PREFIX=" #$output) + (string-append "HELPER_BINARIES_DIR=" #$output "/_guix") + (string-append "GOMD2MAN=" + #$go-github-com-go-md2man "/bin/go-md2man")) #:tests? #f ; /sys/fs/cgroup not set up in guix sandbox #:test-target "test" + #:imported-modules + (source-module-closure `(,@%gnu-build-system-modules + (guix build go-build-system))) #:phases #~(modify-phases %standard-phases (delete 'configure) (add-after 'unpack 'set-env - (lambda* (#:key inputs #:allow-other-keys) - ;; when running go, things fail because - ;; HOME=/homeless-shelter. - (setenv "HOME" "/tmp"))) + (lambda _ + ;; When running go, things fail because HOME=/homeless-shelter. + (setenv "HOME" "/tmp") + ;; Required for detecting btrfs in hack/btrfs* due to bug in GNU + ;; Make <4.4 causing CC not to be propagated into $(shell ...) + ;; calls. Can be removed once we update to >4.3. + (setenv "CC" #$(cc-for-target)))) (replace 'check (lambda* (#:key tests? #:allow-other-keys) (when tests? 
- ;; (invoke "strace" "-f" "bin/podman" "version") (invoke "make" "localsystem") (invoke "make" "remotesystem")))) (add-after 'unpack 'fix-hardcoded-paths (lambda _ - (substitute* "vendor/github.com/containers/common/pkg/config/config.go" - (("@SLIRP4NETNS_DIR@") - (string-append #$slirp4netns "/bin")) - (("@PASST_DIR@") - (string-append #$passt "/bin"))) - (substitute* "hack/install_catatonit.sh" - (("CATATONIT_PATH=\"[^\"]+\"") - (string-append "CATATONIT_PATH=" (which "true")))) (substitute* "vendor/github.com/containers/common/pkg/config/config_linux.go" (("/usr/local/libexec/podman") (string-append #$output "/libexec/podman")) (("/usr/local/lib/podman") - (string-append #$output "/bin"))) - (substitute* "vendor/github.com/containers/common/pkg/config/default.go" - (("/usr/libexec/podman/conmon") (which "conmon")) - (("/usr/local/libexec/cni") - (string-append #$(this-package-input "cni-plugins") - "/bin")) - (("/usr/bin/crun") (which "crun"))))) + (string-append #$output "/bin"))))) + (add-after 'install 'symlink-helpers + (lambda _ + (mkdir-p (string-append #$output "/_guix")) + (for-each + (lambda (what) + (symlink (string-append (car what) "/bin/" (cdr what)) + (string-append #$output "/_guix/" (cdr what)))) + ;; Only tools that cannot be discovered via $PATH are + ;; symlinked. Rest is handled in the 'wrap-podman phase. + `((#$aardvark-dns . "aardvark-dns") + ;; Required for podman-machine, which is *not* supported out + ;; of the box. But it cannot be discovered via $PATH, so + ;; there is no other way for the user to install it. It + ;; costs ~10MB, so let's leave it here. + (#$gvisor-tap-vsock . "gvproxy") + (#$netavark . 
"netavark"))))) + (add-after 'install 'wrap-podman + (lambda _ + (wrap-program (string-append #$output "/bin/podman") + `("PATH" suffix + (,(string-append #$catatonit "/bin") + ,(string-append #$conmon "/bin") + ,(string-append #$crun "/bin") + ,(string-append #$gcc "/bin") ; cpp + ,(string-append #$iptables "/sbin") + ,(string-append #$passt "/bin") + ,(string-append #$procps "/bin") ; ps + "/run/setuid-programs"))))) + (add-after 'install 'remove-go-references + (lambda* (#:key inputs #:allow-other-keys) + (let ((go (assoc-ref inputs "go"))) + (for-each + (lambda (file) + (when (executable-file? file) + ((@@ (guix build go-build-system) remove-store-reference) + file go))) + (append (find-files (string-append #$output "/bin")) + (find-files (string-append #$output "/libexec")) + (find-files (string-append #$output "/lib"))))))) (add-after 'install 'install-completions (lambda _ (invoke "make" "install.completions" (string-append "PREFIX=" #$output))))))) (inputs - (list btrfs-progs - cni-plugins - conmon - crun + (list bash-minimal + btrfs-progs gpgme - go-github-com-go-md2man - iptables libassuan libseccomp - libselinux - passt - slirp4netns)) + libselinux)) (native-inputs - (list bats + (list (package/inherit grep + (inputs (list pcre2))) ; Drop once grep on master supports -P + bats git go-1.21 - ; strace ; XXX debug + go-github-com-go-md2man + mandoc pkg-config python)) (home-page "https://podman.io") 
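Review bot: `#:test-target "test"` is dead configuration in the podman arguments, because the replaced `'check` phase hard-codes `(invoke "make" "localsystem")` and `(invoke "make" "remotesystem")` and never reads the keyword; the same applies to `#:test-target "test-unit"` in the buildah hunk below, so either drop the keyword or have the phase take `#:key test-target` and use it. In `wrap-podman`, `"/run/setuid-programs"` is the one PATH entry without the short justification the `; cpp` and `; ps` entries carry; it is presumably there for the setuid helpers rootless mode needs, and a comment naming which ones would make the dependency auditable. The hand-written `remove-go-references` phase duplicates the shared one the gvisor-tap-vsock and buildah hunks reuse, apparently so that `libexec/` and `lib/` are scrubbed as well as `bin/`; a comment stating that is why the shared phase cannot be used here would stop a later clean-up from collapsing it back. The podman definition continues past this hunk.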
@@ -508,67 +568,126 @@ The binary is called @command{gvproxy}.") volumes mounted into those containers, and pods made from groups of containers. -The @code{machine} subcommand is not supported due to gvproxy not being -packaged.") +Not all commands are working out of the box due to requiring additional +binaries to be present in the $PATH. + +To get @code{podman compose} working, install either @code{podman-compose} or +@code{docker-compose} packages. + +To get @code{podman machine} working, install @code{qemu-minimal}, and +@code{openssh} packages.") (license license:asl2.0))) +(define-public podman-compose + (package + (name "podman-compose") + (version "1.0.6") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/containers/podman-compose") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 "11dwpifkm20vyi6r3fgmiiqc01mpm4r8l0p5gfh0bawi2gklrhsf")))) + (build-system pyproject-build-system) + (arguments + (list + #:test-flags #~(list "pytests"))) + (native-inputs + (list python-pytest)) + (propagated-inputs + (list python-dotenv python-pyyaml)) + (home-page "https://github.com/containers/podman-compose") + (synopsis "Script to run docker-compose.yml using podman") + (description "This package provides an implementation of +@url{https://compose-spec.io/, Compose Spec} for @code{podman} focused on +being rootless and not requiring any daemon to be running.") + (license license:gpl2))) + (define-public buildah (package (name "buildah") - (version "1.29.1") - (source (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/containers/buildah") - (commit (string-append "v" version)))) - (file-name (git-file-name name version)) - (sha256 - (base32 - "1mcqkz68fjccdla1bgxw57w268a586brm6x28fcm6x425ah0w07h")))) - (build-system go-build-system) + (version "1.36.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url 
"https://github.com/containers/buildah") + (commit (string-append "v" version)))) + (sha256 + (base32 "1m02ncnjzvhl7rfwrxixs3qj316wkn1yq27nxa6vryih1gsndm89")) + (file-name (git-file-name name version)))) + (build-system gnu-build-system) (arguments - (list #:import-path "github.com/containers/buildah/cmd/buildah" - #:unpack-path "github.com/containers/buildah" - - ;; Some dependencies require go-1.18 to build. - #:go go-1.18 - - #:tests? #f - #:install-source? #f - #:phases - #~(modify-phases %standard-phases - (add-after 'unpack 'prepare-install-docs - (lambda* (#:key unpack-path #:allow-other-keys) - (substitute* (string-append "src/" - unpack-path - "/docs/Makefile") - (("../tests/tools/build/go-md2man") - (which "go-md2man"))) - (substitute* (string-append "src/" - unpack-path - "/docs/Makefile") - (("/usr/local") (string-append #$output))))) - (add-after 'build 'build-docs - (lambda* (#:key unpack-path #:allow-other-keys) - (let ((doc (string-append "src/" unpack-path "/docs"))) - (invoke "make" "-C" doc)))) - (add-after 'install 'install-docs - (lambda* (#:key unpack-path #:allow-other-keys) - (let ((doc (string-append "src/" unpack-path "/docs"))) - (invoke "make" "-C" doc "install"))))))) - (inputs (list btrfs-progs - cni-plugins - conmon + (list + #:make-flags + #~(list (string-append "CC=" #$(cc-for-target)) + (string-append "PREFIX=" #$output) + (string-append "GOMD2MAN=" + #$go-github-com-go-md2man "/bin/go-md2man")) + #:tests? #f ; /sys/fs/cgroup not set up in guix sandbox + #:test-target "test-unit" + #:imported-modules + (source-module-closure `(,@%gnu-build-system-modules + (guix build go-build-system))) + #:phases + #~(modify-phases %standard-phases + (delete 'configure) + (add-after 'unpack 'set-env + (lambda _ + ;; When running go, things fail because HOME=/homeless-shelter. + (setenv "HOME" "/tmp") + ;; Required for detecting btrfs in hack/btrfs* due to bug in GNU + ;; Make <4.4 causing CC not to be propagated into $(shell ...) + ;; calls. 
Can be removed once we update to >4.3. + (setenv "CC" #$(cc-for-target)))) + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (when tests? + (invoke "make" "test-unit") + (invoke "make" "test-conformance") + (invoke "make" "test-integration")))) + (add-after 'install 'symlink-helpers + (lambda _ + (mkdir-p (string-append #$output "/_guix")) + (for-each + (lambda (what) + (symlink (string-append (car what) "/bin/" (cdr what)) + (string-append #$output "/_guix/" (cdr what)))) + ;; Only tools that cannot be discovered via $PATH are + ;; symlinked. Rest is handled in the 'wrap-buildah phase. + `((#$aardvark-dns . "aardvark-dns") + (#$netavark . "netavark"))))) + (add-after 'install 'wrap-buildah + (lambda _ + (wrap-program (string-append #$output "/bin/buildah") + `("CONTAINERS_HELPER_BINARY_DIR" = + (,(string-append #$output "/_guix"))) + `("PATH" suffix + (,(string-append #$crun "/bin") + ,(string-append #$gcc "/bin") ; cpp + ,(string-append #$passt "/bin") + "/run/setuid-programs"))))) + (add-after 'install 'remove-go-references + (@@ (guix build go-build-system) remove-go-references)) + (add-after 'install 'install-completions + (lambda _ + (invoke "make" "install.completions" + (string-append "PREFIX=" #$output))))))) + (inputs (list bash-minimal + btrfs-progs eudev glib gpgme libassuan libseccomp - lvm2 - runc)) + lvm2)) (native-inputs - (list go-github-com-go-md2man - gnu-make + (list bats + go-1.21 + go-github-com-go-md2man pkg-config)) (synopsis "Build @acronym{OCI, Open Container Initiative} images") (description |
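Review bot: `wrap-buildah` passes the helper directory at run time through `("CONTAINERS_HELPER_BINARY_DIR" = (,(string-append #$output "/_guix")))`, whereas the podman hunk above bakes the same `_guix` directory in at build time with `HELPER_BINARIES_DIR=` in `#:make-flags`; the two packages should use the same mechanism unless buildah's build does not accept that flag, which the hunk does not show. A comment on the wrapper line stating why the build-time flag is not used here would keep a later harmonisation from breaking helper lookup. Using `=` rather than `suffix` for this variable pins helper lookup to the store path instead of the caller's environment, which is the right choice for a fixed helper directory but is worth stating alongside the `suffix` used for PATH. The buildah definition continues past this hunk.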