Running snapcraft with podman

abitrolly · December 16, 2018, 10:38am

podman allows to run Docker (and non-Docker) containers without any demons or root privileges. That means without sudo or asking your administrator to add you to docker group. It creates new user process that is isolated by Linux kernel itself.

On Fedora you can install podman with standard way dnf install podman, on Ubuntu there is an initiative to pack podman as a snap.

podman requires container image to run. Official Docker images are fine.

✗ podman run snapcore/snapcraft:beta snapcraft version

Locale not set! Snapcraft will temporarily use C.UTF-8
snapcraft, version 3.0.1

podman command line is fully compatible with Docker. To make something useful out if it, cd into directory with you project and run snapcraft image with current directory ($PWD) mounted as /src inside.

✗ podman run -v $PWD:/src:Z -w /src snapcore/snapcraft:beta snapcraft

:Z is needed for write access with SELinux on Fedora. -w changes current working directory inside container.

To be continued… (why you’d want to run snapcraft from container - “all your base” or “heavy (virtual) machines vs lightweight container builds”).

abitrolly · April 7, 2019, 8:48am

Packing podman itself into a snap was picked up by upstream, but then it’s gone. Waiting for response from libpod project.

Official Docker images of snapcraft that could be run with podman as of April 2019.

✗ podman run snapcore/snapcraft snapcraft --version
snapcraft, version 2.43.1
✗ podman run snapcore/snapcraft:latest snapcraft --version      
snapcraft, version 2.43.1
✗ podman run snapcore/snapcraft:stable snapcraft --version
Locale not set! Snapcraft will temporarily use C.UTF-8
snapcraft, version 2.43.1
✗ podman run snapcore/snapcraft:beta snapcraft --version
Locale not set! Snapcraft will temporarily use C.UTF-8
snapcraft, version '3.3'
✗ podman run snapcore/snapcraft:candidate snapcraft --version
Locale not set! Snapcraft will temporarily use C.UTF-8
snapcraft, version '3.3'
✗ podman run snapcore/snapcraft:edge snapcraft --version
Locale not set! Snapcraft will temporarily use C.UTF-8
snapcraft, version 3.3+git1.g46e3d17

snapcraft:beta is the best choice for now.

abitrolly · April 7, 2019, 2:20pm

Use core18 to switch off snapcraft compatibility mode with 2.x version.

base: core18

Then use --destructive-mode flag added in 3.x to build snap inside docker container.

podman run -v $PWD:/src:Z -w /src snapcore/snapcraft:beta snapcraft --destructive-mode

Unfortunately, this doesn’t work.

✗ podman run -v $PWD:/src:Z -w /src snapcore/snapcraft:beta snapcraft --destructive-mode -d
Locale not set! Snapcraft will temporarily use C.UTF-8
Using 'snap/snapcraft.yaml': Project assets will be searched for from the 'snap' directory.
Failed to get information for snap 'core18': could not connect to 'http+unix://%2Frun%2Fsnapd.socket/v2/snaps/core18'.

sergiusens · April 8, 2019, 6:37pm

This will not work, we have quirks in place for docker to warn and not install. We do not have a general mechanism in place to ignore this.

abitrolly · July 15, 2019, 7:58pm

@sergiusens I remember there was discussion about those specific quirks for Docker. Can you sum it up once again? If I remember correctly - Docker is a just a Linux container. Why a special quirk is needed?

I tried snapcraft 3.4.1 to build core18 snap from Ubuntu 18.04 container with --destructive-mode and without and it again failed with the message above.

$ podman run -it -v /home/anatoli/yakshaveinc/linux:/src:Z -w /src yakshaveinc/snapcraft:core18-edge snapcraft
Locale not set! Snapcraft will temporarily use C.UTF-8
Using 'snapcraft.yaml': Project assets will be searched for from the 'snap' directory.
You need 'multipass' set-up to build snaps: https://github.com/CanonicalLtd/multipass/releases.

$ podman run -it -v /home/anatoli/yakshaveinc/linux:/src:Z -w /src yakshaveinc/snapcraft:core18-edge snapcraft --destructive-mode
Locale not set! Snapcraft will temporarily use C.UTF-8
Using 'snapcraft.yaml': Project assets will be searched for from the 'snap' directory.
Failed to get information for snap 'core18': could not connect to 'http+unix://%2Frun%2Fsnapd.socket/v2/snaps/core18'.

ijohnson · July 15, 2019, 8:49pm

@abitrolly see my response to your other thread here: Building snaps without `snapd`

You should just have podman create that dockerenv file or if podman can’t do that, create it manually in your container before running snapcraft.

sergiusens · July 16, 2019, 4:20am

This is correct, and we have specific documentation on this too Creating docker images for snapcraft

abitrolly · January 6, 2020, 11:26am

Without proper filesystem isolation from host filesystem with SELinux and other surprises, working snapcraft with podman is not possible.

https://github.com/containers/libpod/issues/4794

abitrolly · May 26, 2020, 5:16pm

Another issue. Now with Python shutil.copy2 which misbehaves with SELinux volumes, and most podman installation are SELinux systems.