-
Notifications
You must be signed in to change notification settings - Fork 125
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Podman gvproxy mamba #444
base: master
Are you sure you want to change the base?
Podman gvproxy mamba #444
Conversation
rolandknight
commented
Feb 9, 2024
- Update to podman to use gvproxy
- new gvproxy package
- update to micromamba to set MAMBA_EXE environment variable (needed for proper activation)
|
||
on "install" { | ||
mkdir { | ||
dir = "${HERMIT_ENV}/.hermit/podman" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately this won't do what you hope. Install hooks only trigger once per machine-wide install, so updating the Hermit environment isn't reliable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah. ok. so this should be on activation then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's no real way to do what you want reliably in Hermit :(
Activation triggers when . ./bin/activate-hermit
is called, but it won't trigger when a binary is executed directly via ./bin/<foo>
, so it's not reliable. It's unfortunate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it only needs to be done once. if it's done immediately after install then all is good. if there is no way to do this, then the only solution is to replace podman with a shell script that takes care of the initialization if not done.
thoughts?
@@ -2,6 +2,7 @@ description = "A tool for managing OCI containers and pods." | |||
sha256-source = "https://github.com/containers/podman/releases/download/v${version}/shasums" | |||
binaries = ["podman"] | |||
source = "https://github.com/containers/podman/releases/download/v${version}/podman-remote-static-linux_${arch}.tar.gz" | |||
requires = [ "gvproxy" ] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ignoring the other issues, I won't merge this change. We don't want to set opinionated defaults in packages.
@@ -0,0 +1,50 @@ | |||
description = "gvproxy is a new network stack based on gVisor." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This package seems good though, happy to add it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok. will split the package off. and change the podman install to not depend of gvproxy and generate a setup script instead for gvproxy (rather than force the config). sound good?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I must admit I don't fully understand the relationship between the two. Does podman require gvproxy? Or is it an optional thing?
Either way, I would suggest those setup scripts should go in the gvproxy
package, not podman.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Podman is hard coded to use gvproxy. It cannot run without it and, when installing podman with brew, it automatically installs gvproxy as a dependency. I think having this as a dependency is fine. Theoretically, podman could use other VM proxy tools than gvproxy, but for now it's the only tool it uses. The result is quite nice - you can install podman with a single hermit install command and then build and run docker containers entirely in user space! No other installation required!