Re: [docs] [yocto-docs PATCH] Add scripts to build the docs in containers

[Quentin Schulz <quentin.schulz@cherry.de>]

Hi Antonin,

On 12/3/24 1:24 PM, Antonin Godard wrote:
> Hi Quentin,
> 
> On Tue Dec 3, 2024 at 12:37 PM CET, Quentin Schulz wrote:
>> Hi Antonin,
>>
>> On 12/3/24 11:48 AM, Antonin Godard wrote:
>>> Hi Quentin,
>>>
>>> On Fri Nov 29, 2024 at 4:01 PM CET, Antonin Godard wrote:
>>> [...]
>>>>>> +  fi
>>>>>> +
>>>>>> +  $CONTAINERCMD run \
>>>>>> +    --rm --interactive --tty \
>>>>>> +    --volume "$DOCS_DIR:/docs:rw" \
>>>>>> +    --workdir "/docs" \
>>>>>> +    $EXTRA_ARGS_RUN \
>>>>>> +    "yocto-docs-$image" \
>>>>>
>>>>> please prepend the image name with localhost/ to be sure we don't end up
>>>>> downloading some yocto-docs-ubuntu from docker.io for example :)
>>>>
>>>> Nice tip, didn't know about that one, thanks :)
>>>
>>> Hm, this doesn't seem to work for me, and I couldn't find anything on the net
>>> that shows this. Is there something I'm missing?
>>>
>>>     Unable to find image 'localhost/yocto-docs-ubuntu-24-04:latest' locally
>>>     docker: Error response from daemon: Get "http://localhost/v2/": dial tcp [::1]:80: connect: connection refused.
>>>
>>>
>>> Building an image named "localhost/..." will work, but I think it's just
>>> building an image with the name "localhost/...". Not really building something
>>> local.
>>>
>>
>> $ cat Containerfile
>> FROM debian:bookworm-slim
>> $ podman build -f Containerfile -t test-image:latest
>> [...]
>> $ podman image ls | grep test-image:latest
>> localhost/test-image
>> latest                b2ac1dc43440  14 months ago  156 MB
>> $ podman run -it --userns=keep-id localhost/test-image
>> qschulz@e706c5542422:/$
>> $ cat Containerfile.from
>> FROM localhost/test-image
>> $ podman build -f Containerfile.from -t another-image:latest
>> [...]
>> $ podman run -it --userns=keep-id localhost/another-image
>> qschulz@4e1f3229a196:/$
>>
>> On Fedora 41.
>>
>> Could possibly be yet another difference with Docker?
> 
> I think that's it. Supported by podman but not docker, as I had no issue doing
> this with podman in the end.
> 
>> I couldn't find a way to force fully qualified names from the CLI (one
>> can do that with podman on fedora by removing
>> unqualified-search-registries in /etc/containers/registries.conf I
>> believe). I guess maybe --block-registry '*' would work, but still not
>> sure this is something supported by Docker either, /me shrugs.
> 
> For simplicity and compatibility, I guess we can leave it as that (no
> localhost/). In the second iteration of my patch I will merge the two scripts
> into one (also for simplicity), so there should be no way to reach the run
> command without actually building the container prior.
> 

I think it could still be possible if one pulls an image from a registry 
which has the short name identical to the local image without localhost/ 
prefix.

I tried with:

1. podman build -f Containerfile -t sean0x42/markdown-extract
2. podman run -it --userns=keep-id --user root sean0x42/markdown-extract
3. podman run -it --userns=keep-id --user root 
docker.io/sean0x42/markdown-extract
4. podman run -it --userns=keep-id --user root sean0x42/markdown-extract
5. podman build -f Containerfile -t sean0x42/markdown-extract
6. podman run -it --userns=keep-id --user root sean0x42/markdown-extract
7. podman run -it --userns=keep-id --user root 
localhost/sean0x42/markdown-extract

2. would use my local image
3. would use docker.io's
4. would use docker,io's
6. would use docker.io's
7. would use my local image

Not sure we should care that much about it though.

Cheers,
Quentin