Add podman static build #5566
LGTM
[APPROVALNOTIFIER] This PR is APPROVED.
This pull-request has been approved by: giuseppe, saschagrunert.
The full list of commands accepted by this bot can be found here. The pull request process is described here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
b03adb7 to 0a8f819
Just have to make the CI happy :)
I feel rather objective toward that idea. There's a whole load of issues with static binaries working around NSS (breaking LDAP etc.). We don't provide static builds of Skopeo for that reason. If we allow for static builds, we need to make clear that this is not supported. I think we need some way in
0a8f819 to a8472af
Do you recap which kind of issue that was? I'm not aware of any issues for example in conjunction with the CRI-O static binary bundle.
Discussion here
Thanks. To me it looks like a usual bug in golang which has been fixed a long time ago, right? I would not say that this falls into the category of: load of issues with static binaries. WDYT?
I don't see that bypassing NSS has been resolved. @mtrmac will know.
This is an issue of support. It is likely that a static version of podman would not work well on a system that used nsswitch to modify the way host resolution worked. Or how UID/GID lookups worked. This is definitely not something we would want to 'SUPPORT', but I have no problem providing it for people to play with. I agree that
Sounds good, I'll follow up with that on Monday if there are no further concerns.
AFAIK the NSS situation remains the same (either dynamically link, or use a Go-only approximation of the default behavior, losing all NSS plugins). Separately, statically-building device-mapper and/or LVM, if nothing else, seems pretty scary. Is it safe to mix&match versions of libraries dealing with filesystems and user data on one system? My first, fairly strong, instinct is to say “no, get tested packages from your distribution” (and that includes Nix). Admittedly I’ve been living in the distribution world for ages, so I’m not at all neutral. And we do see that whether one makes container builds or static builds difficult, one or the other tends to happen anyway just because users feel they need one of those. So it might be, after all, worthwhile to produce one of the two just to make sure most people use a known build instead of home-grown differently-patched one. Perhaps. I have no idea how prevalent are the uses of the static/container builds, just that at least one person probably makes one.
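The NSS concern raised in the comments above can be checked on a host before a static binary is tried there. This is an added example, not code from this PR or from Podman: it lists the `passwd`, `group` and `hosts` sources in an nsswitch.conf that are served by NSS plugins. Treating only `files` and `dns` as available to a static build is an assumption of the example, and `PluginSources`, `builtin`, `checked` and `sampleConf` are names invented here.

```go
package main

import (
	"fmt"
	"strings"
)

// builtin: sources assumed to work without NSS plugins (example assumption).
var builtin = map[string]bool{"files": true, "dns": true}
// checked: databases behind the UID/GID and host lookups discussed above.
var checked = map[string]bool{"passwd": true, "group": true, "hosts": true}

// PluginSources returns, per checked database, the configured sources that
// are served by NSS plugin modules rather than by local files or DNS.
func PluginSources(conf string) map[string][]string {
	out := map[string][]string{}
	for _, line := range strings.Split(conf, "\n") {
		line, _, _ = strings.Cut(line, "#") // drop comments
		db, rest, ok := strings.Cut(line, ":")
		db = strings.TrimSpace(db)
		if !ok || !checked[db] {
			continue
		}
		inAction := false
		for _, tok := range strings.Fields(rest) {
			if inAction || strings.HasPrefix(tok, "[") {
				// "[STATUS=action ...]" groups may span several fields.
				inAction = !strings.HasSuffix(tok, "]")
				continue
			}
			if !builtin[tok] {
				out[db] = append(out[db], tok)
			}
		}
	}
	return out
}

// sampleConf is a constructed nsswitch.conf, not taken from a real host.
const sampleConf = `# constructed sample
passwd:   files sss systemd
group:    files [SUCCESS=merge] sss
hosts:    files mdns4_minimal [NOTFOUND=return] dns
services: files sss
`

func main() {
	fmt.Println(PluginSources(sampleConf))
}
```

An empty result means the checked databases use only local files and DNS, so the lookups a static build performs should match what the dynamically linked one sees under that assumption.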
☔ The latest upstream changes (presumably #5571) made this pull request unmergeable. Please resolve the merge conflicts.
7d19775 to 0557f48
I added an additional PodmanLinkmode field to the
dc9c6d6 to 74d2843
Code LGTM, I'll leave it to others for the should/should not debate. Personally I think it's fine as long as it's documented.
I still have very mixed feelings about it and I frankly don't have time (or desire) to get into Nix, but as long as I don't have to maintain it, I am cool with it 🤣
What I would love to have is some visible statement that the nix stuff is not supported. Which further makes me wonder why to offer something that is not supported but I don't want to be the party pooper and really want some more opinions.
🤷♂️ I think if the majority does not want to have it then feel free to close it.
Since this is an upstream project, support is best effort. We can document the shortcomings of this version and state what does and does not work. But if community wants it and is willing to deal with issues, then I have no problem doing it.
☔ The latest upstream changes (presumably #5507) made this pull request unmergeable. Please resolve the merge conflicts.
I have a request #5765 points out
I just added podman-remote-static, which was needed for CRC, @saschagrunert is this still something you are working on?
74d2843 to 0f280ff
Yes I updated the PR and also the suggestion from @jwhonce. Should I state somewhere explicitly that the static binary is not supported? I mean if we do not ship it and podman info returns the "static" linkmode we should be probably fine already, right?
Yes, please add a note in the README. If we don't make it explicit, users will not know.
We’re now able to build a static podman binary based on a custom nix derivation. This is integrated in cirrus as well, whereas a later target would be to provide a self-contained static binary bundle which can be installed on any Linux x64-bit system.
Fixes: containers#1399
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
0f280ff to c21258b
## Static Binary Builds | ||
The Cirrus CI integration within this repository contains a `static_build` job | ||
which produces a static Podman binary for testing purposes. Please note that | ||
this binary is not officially supported with respect to feature-completeness | ||
and functionality and should be only used for testing. |
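Review bot: The last sentence of the new section ("not officially supported with respect to feature-completeness and functionality") tells users the static binary is unsupported but names nothing they could check, while the concern stated in this thread is lookups that go through NSS plugins. Suggest adding one sentence on that limitation and on how a static binary can be recognised in a bug report (the thread mentions the linkmode shown by podman info), and changing "should be only used" to "should only be used".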
Added the requested note here. ☝️
Great, thanks a lot!
/lgtm
We’re now able to build a static podman binary based on a custom nix
derivation. This is integrated in cirrus as well, whereas a later target
would be to provide a self-contained static binary bundle which can be
installed on any Linux x64-bit system.
Fixes: #1399
Test it out yourself: