Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Package up podman for vanilla Debian #1742

Closed
lsm5 opened this issue Nov 1, 2018 · 142 comments
Closed

Package up podman for vanilla Debian #1742

lsm5 opened this issue Nov 1, 2018 · 142 comments
Labels
locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. Packaging Bug is in a Podman package

Comments

@lsm5
Copy link
Member

lsm5 commented Nov 1, 2018

This is separate from the PPA work that's already being done. This issue will track efforts towards getting podman in vanilla Debian.

Update: Debian tickets

@lsm5
Copy link
Member Author

lsm5 commented Nov 1, 2018

@qiancai let's track Debian work here

@lsm5
Copy link
Member Author

lsm5 commented Nov 1, 2018

@qiancai I'm guessing we don't need to worry about SELinux for Debian and its downstreams. Do you see selinux-policy being a hard dependency somewhere?

@rhatdan
Copy link
Member

rhatdan commented Nov 1, 2018

SELinux should not be a hard dependency, but a Nice to Have.

@ghost
Copy link

ghost commented Nov 1, 2018

Debian developer complained that libpod and its dependencies were unversioned. Is that something worth solving?
https://lists.debian.org/debian-go/2018/11/msg00000.html

@mheon
Copy link
Member

mheon commented Nov 1, 2018

Libpod is versioned in lockstep with Podman - I consider version.go our definitive source of truth for versioning information on both.

We do have a number of unversioned dependencies, though - notably c/image and c/storage?

@lsm5
Copy link
Member Author

lsm5 commented Nov 1, 2018 via email

@ghost
Copy link

ghost commented Nov 1, 2018

Filed a container-selinux bug,

containers/container-selinux#57

@ghost
Copy link

ghost commented Nov 1, 2018

Filed a oci-systemd-hook bug,

projectatomic/oci-systemd-hook#107

In the meanwhile, skopeo works fine there. However, there are lots of vendors. Specifically, how about versioning containers/storage and containers/image if not done so yet? Then, I'll start to package skopeo first while waiting on fixing other blockers.

https://github.com/containers/skopeo/tree/master/vendor/github.com/containers

@mheon
Copy link
Member

mheon commented Nov 1, 2018

We no longer depend on oci-systemd-hook (for Podman at least) - it's not necessary if you aren't packaging CRI-O

@ghost
Copy link

ghost commented Nov 1, 2018

It turned out that podman still depend on oci-systemd-hook. See 57a8c2e

I can also help with running standalone runc systemd containers.

@ghost
Copy link

ghost commented Nov 1, 2018

Never mind. I got podman working with systemd containers without oci-systemd-hook, so I don't need to package oci-systemd-hook to Debian now.

@ghost
Copy link

ghost commented Nov 7, 2018

Filed bugs to tag repos.

containers/storage#232

containers/image#531

@ghost
Copy link

ghost commented Dec 7, 2018

I suppose this is not needed anymore. The easiest path looks like just to get podman into snap store.

https://snapcraft.io/search?category=server

It looks like anyone could create that for CRI-O/podman etc as well.

https://docs.snapcraft.io/creating-a-snap/6799

Any objection?

@rhatdan
Copy link
Member

rhatdan commented Dec 7, 2018

Do people with debian use Snapstore. Or just Ubuntu and its descendent?

But I have no objection.

@ghost
Copy link

ghost commented Dec 7, 2018

Looks like only Ubuntu and its descendant use snap store, but I suppose our goal is to reach the Ubuntu 's huge developer base.

@rhatdan
Copy link
Member

rhatdan commented Dec 7, 2018

Yup, That gets us to 95% of users, So much better then what we get now.

@ghost
Copy link

ghost commented Dec 7, 2018

Sounds good. I'll let @lsm5 get those in the snap store then, since he have already packaged everything to PPA. I'll help around if needed.

@lsm5
Copy link
Member Author

lsm5 commented Dec 12, 2018

I guess I'll defer this until I find out from kube maintainers if they're willing to include our tools on their apt repo.

@Silvanoc
Copy link

Snaps work on Debian, but it's like requiring the users of an Android App to install F-Droid to get it. It's feasible, but you will reach a smaller audience than if you use the Google Playstore.

I mean, there is already a package manager in Debian and it covers Debian, Ubuntu and much more. Snap is a Canonical kind of package manager that you will typically find only in Ubuntu and probably not so wide spread...

Would you offer libpod only as Flatpak for the RedHat-based distros?

I'm following the thread of CAI Qian trying to get a Debian package in the Go-Team and will try to support you on that effort. I already sent a message with the offer, but my e-mail client apparently missed-up with the thread-ID...

@vrothberg
Copy link
Member

Would you offer libpod only as Flatpak for the RedHat-based distros?

I don't think the comparison is fair as packaging go-tools for Debian is exponentially more complex given all dependencies (see ./vendor) must, in theory, be packaged separately. There is a clear clash of how software is being distributed conceptually, and all go-tools suffer from that in Debian.

I'm following the thread of CAI Qian trying to get a Debian package in the Go-Team and will try to support you on that effort. I already sent a message with the offer, but my e-mail client apparently missed-up with the thread-ID...

The good news is that we are working with the Debian community together to get the tools into the main repositories. @siretart is actually doing all the heavy lifting of packaging the dependencies in preparation to eventually package the tools.

@Silvanoc
Copy link

Silvanoc commented Feb 19, 2019

I don't think the comparison is fair as packaging go-tools for Debian is exponentially more complex given all dependencies (see ./vendor) must, in theory, be packaged separately. There is a clear clash of how software is being distributed conceptually, and all go-tools suffer from that in Debian.

I wasn't comparing the effort, but the audience that you reach and in that sense I find it's a more than fair comparison. Flatpak appears to have a wider usage than snap/snappy/snapstore.

WRT to the effort, I fully agree with you 😒

The good news is that we are working with the Debian community together to get the tools into the main repositories. @siretart is actually doing all the heavy lifting of packaging the dependencies in preparation to eventually package the tools.

Those are great news! 👍

@rhatdan
Copy link
Member

rhatdan commented Mar 8, 2019

Sad to say I think this is stalling again. Still huge hurdles to get over in order to get Go Programs packaged into Debian.

@siretart
Copy link
Contributor

I probably should have updated this issue more frequently, my apologies.

I think it is fair to say that significant progress is being done. At this point, I've packaged all dependencies for golang-github-containers-storage 1.5, and that package itself. It is currently in the review queue by the Debian ftp-masters for inclusion into the Debian archive. This is standard procedure, and takes a couple of weeks right now (the team's priority at this point is the upcoming freeze for Debian 10, and not the inclusion of experimental and NEW packages). Also cf. https://ftp-master.debian.org/new/golang-github-containers-storage_1.5-1.html and http://bugs.debian.org/921949

I'm currently working on packaging golang-github-openshift-imagebuilder, which progress is tracked in http://bugs.debian.org/923300. Note that while working on this, I was running into containers/storage#293, which luckily has been fixed much faster than I could have possibly wished for. Thank you so much for your assistance.

The next steps would be to wait for containers/storage to be ACCEPTED into the archive and update it to the most next version with the cleaned up docker dependencies. Then I can proceed to package containers/image, on which I've also started to work on. Progress for that is being tracked at http://bugs.debian.org/922842

Let me know if you have specific questions or concerns.

@siretart
Copy link
Contributor

Given the cheers on my last week's update, it seems that there is interest in status updates.

In the last week, containers/storage remains in the NEW queue, but I've managed to update it locally to version 1.11 and got it to build.

I'm still working on openshift/imagebuilder in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923300 and ran into some missing imports in the debian docker.io package. NB: In Debian, the plan is to use the distro provided version of docker.io (which is version 18.09.1-CE at this point), and not the exact git revision that vendor.conf happens to point to. It turns out that the debian source package misses to install some golang sources that are required for compiling openshift/imagebuilder, and have thus created https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924257 and added a patch to fix that. The package maintainer is responsive, has cleaned up the patch and asked me to upload it on his behalf to experimental together with an version upgrade to 18.09.03-CE. I was about to do so, but it turns out that there are additional sources missing, and openshift/imagebuilder#125 (comment) - Valentin is working on a fix for that in openshift/imagebuilder#127

@vrothberg
Copy link
Member

Thanks for the update, @siretart 🙏

rosaliagomez referenced this issue in containers/containers.github.io Mar 22, 2019
@rhatdan
Copy link
Member

rhatdan commented Apr 13, 2019

@siretart @vrothberg Is this still being worked on? Any progress?

@siretart
Copy link
Contributor

There is. Sorry for the late update.

I've updated / uploaded a couple of dependencies in Debian, all of which are now present in the Debian archive:

The docker.io package required additional work to expose some libraries required by golang-github-openshift-imagebuilder, cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924257.

I've worked on the golang-github-openshift-imagebuilder package, the most recent version can be seen here: https://salsa.debian.org/docker-team/docker/tree/experimental, progress on getting it into debian is here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923300 - in short, we are (still) waiting for golang-github-containers-storage to arrive into the archive.

On that front, we had a setback (cf. http://bugs.debian.org/921949#17): ftp-master REJECTED version 1.5 of the package with concerns about unclear copyright holder declarations. The response was not exactly constructive. I've asked for clarification, did an update to debian/copyright, updated the package to version 1.12.2, and reuploaded for review. This could have been avoided if the upstream package were more clear about who is holding the copyright. This recommendation applies to any upstream package.

Looking forward, I've filed containers/buildah#1437 and noticed only today that this seems to have been addressed (I didn't notice earlier because there was no status update on the issue). This allows me to proceed with preparing a package for buildah in salsa, and clarifies this as a dependency for podman/libpod.

Next steps:

  • Wait for ftp-master to ACCEPT containers/storage, which would enable me to upload imagebuilder for review. The Debian 10 release is really around the corner, so I'm not surprised that ftp-master prioritizes the new stable release over NEW package
  • prepare the buildah package
  • investigate what needs to be packaged for skopeo

@siretart
Copy link
Contributor

Not much progress, the NEW queue remains to be super slow.

I was able to build a somewhat "proper" skopeo package:

siretart@kaby:~$ which skopeo
/usr/bin/skopeo
siretart@kaby:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux buster/sid
Release:        testing
Codename:       buster
siretart@kaby:~$ which skopeo
/usr/bin/skopeo
siretart@kaby:~$ skopeo --version
skopeo version 0.1.35
siretart@kaby:~$ skopeo --help
NAME:
   skopeo - Various operations with container images and container image registries

USAGE:
   skopeo [global options] command [command options] [arguments...]

VERSION:
   0.1.35

COMMANDS:
     copy               Copy an IMAGE-NAME from one location to another
     inspect            Inspect image IMAGE-NAME
     delete             Delete image IMAGE-NAME
     manifest-digest    Compute a manifest digest of a file
     standalone-sign    Create a signature using local files
     standalone-verify  Verify a signature using local files
     help, h            Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --debug                  enable debug output
   --policy value           Path to a trust policy file
   --insecure-policy        run the tool without any policy check
   --registries.d DIR       use registry configuration files in DIR (e.g. for container signature storage)
   --override-arch ARCH     use ARCH instead of the architecture of the machine for choosing images
   --override-os OS         use OS instead of the running OS for choosing images
   --command-timeout value  timeout for the command execution (default: 0s)
   --help, -h               show help
   --version, -v            print the version

and buildah:

siretart@kaby:/srv/scratch/packages/containers$ which buildah
/usr/bin/buildah
siretart@kaby:/srv/scratch/packages/containers$ buildah --help
A tool that facilitates building OCI images

Usage:
  buildah [flags]
  buildah [command]

Available Commands:
  add                    Add content to the container
  build-using-dockerfile Build an image using instructions in a Dockerfile
  commit                 Create an image from a working container
  config                 Update image configuration settings
  containers             List working containers and their base images
  copy                   Copy content into the container
  from                   Create a working container based on an image
  help                   Help about any command
  images                 List images in local storage
  info                   Display Buildah system information
  inspect                Inspect the configuration of a container or image
  mount                  Mount a working container's root filesystem
  pull                   Pull an image from the specified location
  push                   Push an image to a specified destination
  rename                 Rename a container
  rm                     Remove one or more working containers
  rmi                    Remove one or more images from local storage
  run                    Run a command inside of the container
  tag                    Add an additional name to a local image
  umount                 Unmount the root file system of the specified working containers
  unshare                Run a command in a modified user namespace
  version                Display the Buildah version information

Flags:
      --debug                                print debugging information
  -h, --help                                 help for buildah
      --registries-conf string               path to registries.conf file (not usually used)
      --registries-conf-dir string           path to registries.conf.d directory (not usually used)
      --root string                          storage root dir (default "/var/lib/containers/storage")
      --runroot string                       storage state dir (default "/var/run/containers/storage")
      --storage-driver string                storage-driver
      --storage-opt strings                  storage driver option
      --userns-gid-map ctrID:hostID:length   default ctrID:hostID:length GID mapping to use
      --userns-uid-map ctrID:hostID:length   default ctrID:hostID:length UID mapping to use
      --version                              version for buildah

Use "buildah [command] --help" for more information about a command.
siretart@kaby:/srv/scratch/packages/containers$ buildah --version
buildah version 1.7.2 (image-spec 1.0.1, runtime-spec 1.0.1)

This required me to identify some API patches and backport them as distro patches: https://salsa.debian.org/go-team/packages/golang-github-containers-image/tree/master/debian/patches

Interest in those packages has been raised on the debian-go mailinglist: http://lists.debian.org/[email protected] - with the many package we have here, it is admittedly not easy to keep track of all dependencies. As next steps, I'll play with https://aptly.info to create a repository that backports all packages and dependencies required to build and run skopeo and buildah. I think I should be able to publish that on my https://people.debian.org/~siretart/ homepage.

I also briefly looked at packaging podman, and noticed that there are a number of additional dependencies that need to be packaged.

@lsm5
Copy link
Member Author

lsm5 commented Jan 20, 2020

Quick update, the install doc has been updated to include OBS repo setup. The debian maintainers can update the relevant sections once the official packages are shipped. HTH.

@lsm5 lsm5 removed their assignment Jan 20, 2020
@travier-anssi
Copy link

@lsm5 Thanks for the packaging work! This is very much appreciated!
The latest podman build from the Kubic project repository (podman_1.7.0~3) installs the "docker" man pages as well as the podman ones which makes this package conflict with Docker on a system with Docker already installed.

@lsm5
Copy link
Member Author

lsm5 commented Jan 27, 2020

@travier-anssi whoops, thought I disabled docker manpages, but apparently not, fixing..

@lsm5
Copy link
Member Author

lsm5 commented Jan 27, 2020

@lsm5 Thanks for the packaging work! This is very much appreciated!
The latest podman build from the Kubic project repository (podman_1.7.0~3) installs the "docker" man pages as well as the podman ones which makes this package conflict with Docker on a system with Docker already installed.

@travier-anssi #4747 (comment)

@rhatdan
Copy link
Member

rhatdan commented Feb 17, 2020

Can we close this one now? Is podman available from Debian?

@TomSweeneyRedHat
Copy link
Member

@lsm5 WDYT?

@anarcat
Copy link
Contributor

anarcat commented Feb 17, 2020

as far as the "from debian" side of things, podman is still waiting for approval in "NEW":

https://ftp-master.debian.org/new/libpod_1.6.4+dfsg-1.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930440

@lsm5
Copy link
Member Author

lsm5 commented Feb 18, 2020

@lsm5 WDYT?

I'm not opposed to closing this, but maybe community prefers this bug for tracking instead of the debian bugs listed above...

@rhatdan
Copy link
Member

rhatdan commented Feb 18, 2020

Since this is not an upstream issue, I will close it.

@rhatdan rhatdan closed this as completed Feb 18, 2020
@Silvanoc
Copy link

Even when this issue is closed, just to share the information with the people following this issue: Podman has been accepted to "unstable"! 🎉

Currently it's still on version 1.6.4, but I assume that an update will follow.

If some criteria are fulfilled, then the package moves automatically to testing. That will be the point where the masses will be able to start enjoying the effort of @onlyjob (thanks for it!).

@anarcat
Copy link
Contributor

anarcat commented May 19, 2020

for those wanting details of the debian package, i find that https://tracker.debian.org/pkg/libpod is a better URL to follow. packages.debian.org is more "user-facing" and tracker.debian.org is better for "developers" (including upstreams), and will show stuff like "has the package entered testing? why not? which versions are in which release? (including ubuntu if it diverges? yes!) is it behind upstream?" etc.

in this case, podman is blocked on https://tracker.debian.org/pkg/golang-github-openshift-imagebuilder which was failing to build on arm: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959538 (openshift/imagebuilder#160) for which a fix was uploaded today. :)

@siretart
Copy link
Contributor

Thanks anarcat for keeping this issue posted.

The packages in debian are currently lagging a few upstream releases behind, but the good news is that I already prepared updated packages and they work great for me on my laptop. The new packages needed a couple of dependencies updated and as soon as they make it to Debian, I can proceed with uploading the updates.

@ghost
Copy link

ghost commented Jul 9, 2020

Wish debian Sid support podman v2.0

@anarcat
Copy link
Contributor

anarcat commented Jul 9, 2020

Wish debian Sid support podman v2.0

I believe the right place to report that is not here but on the Debian bugtracker, which already knows about it. :)

It seems there's about a dozen dependencies missing...

@siretart
Copy link
Contributor

siretart commented Jul 17, 2020

I just uploaded it to experimental. Turns out not all dependency updates were needed and I could patch podman to avoid some of the more problematic ones caughdockercaugh.

The package should work just fine on a debian 'testing' system as well (that's what I have on my laptop). Just install the .deb package from experimental.

Coming up next: Getting this in shape for the upcoming Debian's "bullseye" release...

I guess the instructions on https://podman.io/getting-started/installation for Debian could be updated?

@Silvanoc
Copy link

@siretart why is it only available for i386? Specially when the provided GitLab CI pipeline specification is only running architecture amd64 for experimental...
I hope it's an error, because I'd be glad to test the package, but I'm not activating multiarch in my system only for this package 🙂

@yrro
Copy link
Contributor

yrro commented Jul 17, 2020

It failed to build on the other architectures: https://buildd.debian.org/status/package.php?p=libpod&suite=experimental

@siretart
Copy link
Contributor

siretart commented Jul 17, 2020

It seems there is an issue with /run/user/... on some (but not all) buildd nodes (and not on my machine). I'm on it I've just uploaded a workaround for that -- apparently some buildds have XDG_RUNTIME_DIR pointing to a non-writable location, go figure!

@siretart
Copy link
Contributor

FYI, I've just uploaded podman 2.0 to unstable: https://tracker.debian.org/pkg/libpod

@rhatdan
Copy link
Member

rhatdan commented Jul 20, 2020

Awesome @siretart Great work.

@Silvanoc
Copy link

I've just installed it (on Debian Testing/Bullseye) and a simple rootless "image pull" and "run" worked directly 👏

@Silvanoc
Copy link

2020-07-27 Podman 2 reached the last stage needed to get into Debian stable: https://tracker.debian.org/news/1163256/libpod-202dfsg1-3-migrated-to-testing/

We will see, if it makes its way to the next stable release. But by having reached "Testing" release it has become usable for most developers using containers (we tend to use "testing" on our development machines) and it will probably get its way into next Ubuntu release (derived from Debian Testing).

Current version on testing is 2.0.4. This is the page to follow it: https://tracker.debian.org/pkg/libpod

Great job @siretart ! I'm happy to see it happening.

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. Packaging Bug is in a Podman package
Projects
None yet
Development

No branches or pull requests