Published images do not include cpp

[iluminae]

Issue Description

the published images at quay.io/podman/stable (which I believe are created with contrib/podmanimage/stable/Containerfile) do not include cpp. This is used automatically by podman to build Containerfiles that include the suffix .in

Steps to reproduce the issue

Steps to reproduce the issue

1. create containerfile: echo "FROM scatch" > Containerfile.in
2. run image to build: podman run -v $PWD:/work -w /work quay.io/podman/stable podman build -f Containerfile.in .

Describe the results you received

Error: exec: "cpp": executable file not found in $PATH: .in support requires cpp to be installed

Describe the results you expected

Since Containerfile.in files are supported by podman, I expected this tool to be included. As a parallel, these images include ssh clients needed for podman to exec ssh, which is roughly the same.

podman info output

host:
  arch: amd64
  buildahVersion: 1.33.5
  cgroupControllers:
  - memory
  - pids
  cgroupManager: cgroupfs
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-1.fc39.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: '
  cpuUtilization:
    idlePercent: 96.29
    systemPercent: 1.57
    userPercent: 2.14
  cpus: 16
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: container
    version: "39"
  eventLogger: file
  freeLocks: 2048
  hostname: c968bdc26c16
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.14.0-362.18.1.el9_3.x86_64
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 767496192
  memTotal: 16486096896
  networkBackend: netavark                                                                   
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.10.0-1.fc39.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.10.0
    package: netavark-1.10.3-1.fc39.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: crun-1.14.3-1.fc39.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.14.3
      commit: 1961d211ba98f532ea52d2e80f4c20359f241a98
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20240220.g1e6f92b-1.fc39.x86_64
    version: |
      pasta 0^20240220.g1e6f92b-1.fc39.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: false
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-1.fc39.x86_64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 10720784384
  swapTotal: 17175670784
  uptime: 559h 2m 37.00s (Approximately 23.29 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.imagestore: /usr/lib/containers/storage
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.12-2.fc39.x86_64
      Version: |-
        fusermount3 version: 3.16.1
        fuse-overlayfs: version 1.12
        FUSE library version 3.16.1
        using FUSE kernel interface version 7.38
    overlay.mountopt: nodev,fsync=0
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 381622419456
  graphRootUsed: 133151006720
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "true"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 0
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.9.3
  Built: 1708357294
  BuiltTime: Mon Feb 19 15:41:34 2024
  GitCommit: ""
  GoVersion: go1.21.7
  Os: linux
  OsArch: linux/amd64
  Version: 4.9.3

Podman in a container

Yes

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes

Additional environment details

Additional environment details

Additional information

Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting

[vrothberg]

Thanks for reaching out, @iluminae !

@cevich @TomSweeneyRedHat looks like we need to add cpp to the list of packages of the images.

[vrothberg]

The image would grow by 48 MB.

[Luap99]

I mean there are enough users that want smaller images so adding more packages will not help for that. How common is the cpp functionality really?

User can always build their own images with use quay.io/podman/stable as the base image to add any extra packages they want.

[vrothberg]

That is a fair point but we need to balance size against a documented feature not working out of the box.

[iluminae]

I am in the camp that currently has to install cpp into the container to use it. In CI, this is unfortunate as I either have to maintain a bespoke build image or install cpp every time (and man is dnf slow). I just thought I would bring up that as supported it seemed out of place that it would not have it in there.

[Luap99]

Yeah it is fair to bring this up, if enough people want to use cpp syntax then it is certainly worth to have it in by default.
So far this is the first I saw it.

[cevich]

IMHO it's not worth the extra space + dependencies. This is exactly why images are compose-able based on other images.

[iluminae]

wrt popularity of cpp use - anecdotally, its been quite critical to our success with podman - we have a highly parallelized (--jobs) build with many stages, and having them be composable in .in files (#include,#pragma once) has made a world of difference from having a 300 LOC single file.

[rhatdan]

I don't know why we have to have a small image for embedded podman versus functionality, given the choice I would go with functionality. We can look at other features to shrink the size, perhaps go back to fedora-minimal with dnf added. Can we remove timezone and language data?

@iluminae Interested in opening a PR to add cpp?

I am curios why the cpp package requires 48 Meg?

[TomSweeneyRedHat]

@cevich and I chatted briefly in another thread somewhere. We discussed possibly adding a new "minimal" or "stripped down" image. One that would have just what we thought was the bare necessities. Then another image that is a bit more buff and would work for most people out of the box, but be bigger.

My vote, I'd add CPP to the image, but not a strong vote. I would like to see us, when we have copious spare time, create a minimal image for Buildah, Podman, and Skopeo. That would be a fun little project.

[iluminae]

does it interest anyone to support a different cpp implementation? ucpp for example is 98k between ucpp-libs and ucpp.

edit: On second thought, that seems tough since we wire through CPPFLAGS in buildah

[iluminae]

Here is the PR if you guys want to just add cpp, if not - can close 🤷
containers/podman#21890

[rhatdan]

I think supporting ucpp makes some sense, I wish we could use the same path.

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[cevich]

Woops, lost track of this. Working on adding it now.