Re: [Buildroot] [PATCH next 1/1] utils/docker-run: check for podman before docker

From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Julien Olivain <ju.o@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>,
	buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH next 1/1] utils/docker-run: check for podman before docker
Date: Fri, 31 May 2024 22:09:12 +0200	[thread overview]
Message-ID: <ZlouaKs-LeeUbKc-@landeda> (raw)
In-Reply-To: <20240531195107.125727-1-ju.o@free.fr>

Julien, All,

On 2024-05-31 21:51 +0200, Julien Olivain spake thusly:
> Commit 9a629f5 "utils/docker-run: allow running with Podman" added an
> option on system providing the podman command. This case is mainly
> for Fedora systems.
> 
> Fedora repositories has a podman-docker package, that provide the
> docker command for compatibility. See [1].
> 
> When this package is installed on a Fedora system, both the docker and
> podman commands are available. Since the docker command is checked
> before podman, the --userns option is not passed in that case. This
> brings "permission denied" errors.
> 
> This commit inverses the command check order, to check for podman
> before docker. This makes sure this mechanisms will work when both
> commands.

When I applied the patch, my reasoning was that we wanted to keep
checking for docker first, to keep the current behaviour for those that
have docker-the-real-thing installed along with podman, to avoid any
surprise. So I think we should keep using docker if it is installed,
even if podman is installed too.

So...

> Note that the same behavior of the --userns=keepid option can be
> achieved by setting the environment variable "PODMAN_USERNS=keep-id".
> See podman-run man page [2].

Why can't we export PODMAN_USERNS=keep-id, and keep the ordering, like
so (elidded for brevity):

    if command -v docker >/dev/null; then
        DOCKER="docker"
    elif command -v podman >/dev/null; then
        DOCKER="podman"
    endif
    exec PODMAN_USERNS=keep-id ${DOCKER} run blablabla

That way, we keep to using docker first; if that is a real docker, it
would just not act on PODMAN_USERNS, but if it is podman-as-docker, then
it would honor it. If docker is not installed but podman is, then it
would also honor it.

Thoughts?

Regards,
Yann E. MORIN.

> [1] https://packages.fedoraproject.org/pkgs/podman/podman-docker/
> [2] https://docs.podman.io/en/latest/markdown/podman-run.1.html
> 
> Signed-off-by: Julien Olivain <ju.o@free.fr>
> ---
>  utils/docker-run | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/utils/docker-run b/utils/docker-run
> index 3dcabe2718b..51390945119 100755
> --- a/utils/docker-run
> +++ b/utils/docker-run
> @@ -29,11 +29,11 @@ declare -a mountpoints=(
>      "$(pwd)"
>  )
>  
> -if command -v docker >/dev/null; then
> -    DOCKER="docker"
> -elif command -v podman >/dev/null; then
> +if command -v podman >/dev/null; then
>      DOCKER="podman"
>      docker_opts+=( --userns=keep-id )
> +elif command -v docker >/dev/null; then
> +    DOCKER="docker"
>  else
>      echo "ERROR: Neither docker nor podman available!" >&2
>      exit 1
> -- 
> 2.45.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot