Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Podman gvproxy mamba #444

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

rolandknight
Copy link
Contributor

  • Update to podman to use gvproxy
  • new gvproxy package
  • update to micromamba to set MAMBA_EXE environment variable (needed for proper activation)


on "install" {
mkdir {
dir = "${HERMIT_ENV}/.hermit/podman"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately this won't do what you hope. Install hooks only trigger once per machine-wide install, so updating the Hermit environment isn't reliable.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah. ok. so this should be on activation then?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's no real way to do what you want reliably in Hermit :(

Activation triggers when . ./bin/activate-hermit is called, but it won't trigger when a binary is executed directly via ./bin/<foo>, so it's not reliable. It's unfortunate.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it only needs to be done once. if it's done immediately after install then all is good. if there is no way to do this, then the only solution is to replace podman with a shell script that takes care of the initialization if not done.

thoughts?

@@ -2,6 +2,7 @@ description = "A tool for managing OCI containers and pods."
sha256-source = "https://github.com/containers/podman/releases/download/v${version}/shasums"
binaries = ["podman"]
source = "https://github.com/containers/podman/releases/download/v${version}/podman-remote-static-linux_${arch}.tar.gz"
requires = [ "gvproxy" ]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ignoring the other issues, I won't merge this change. We don't want to set opinionated defaults in packages.

@@ -0,0 +1,50 @@
description = "gvproxy is a new network stack based on gVisor."
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This package seems good though, happy to add it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok. will split the package off. and change the podman install to not depend of gvproxy and generate a setup script instead for gvproxy (rather than force the config). sound good?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I must admit I don't fully understand the relationship between the two. Does podman require gvproxy? Or is it an optional thing?

Either way, I would suggest those setup scripts should go in the gvproxy package, not podman.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Podman is hard coded to use gvproxy. It cannot run without it and, when installing podman with brew, it automatically installs gvproxy as a dependency. I think having this as a dependency is fine. Theoretically, podman could use other VM proxy tools than gvproxy, but for now it's the only tool it uses. The result is quite nice - you can install podman with a single hermit install command and then build and run docker containers entirely in user space! No other installation required!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants