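# upstream/Containerfile
#
# Build a Podman container image from the latest
# upstream version of Podman on GitHub.
# https://github.com/containers/podman
# This image can be used to create a secured container
# that runs safely with privileges within the container.
# The containers created by this image also come with a
# Podman development environment in /root/podman.
#
# The base tag is parameterized so a build can pin a specific Fedora
# release (e.g. --build-arg FEDORA_TAG=<release>) for reproducibility;
# the default keeps the upstream behaviour of tracking the latest release.
ARG FEDORA_TAG=latest
FROM registry.fedoraproject.org/fedora:${FEDORA_TAG}

# Don't include container-selinux and remove
# directories used by dnf that are just taking
# up space. The latest podman + deps. come from
# https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/
# TODO: rpm --setcaps... needed due to Fedora (base) image builds
# being (maybe still?) affected by
# https://bugzilla.redhat.com/show_bug.cgi?id=1995337#c3
RUN dnf -y update && \
    rpm --setcaps shadow-utils 2>/dev/null && \
    dnf -y install 'dnf-command(copr)' --enablerepo=updates-testing && \
    dnf -y copr enable rhcontainerbot/podman-next && \
    dnf -y install podman fuse-overlayfs openssh-clients \
        --exclude container-selinux \
        --enablerepo=updates-testing && \
    dnf clean all && \
    rm -rf /var/cache /var/log/dnf* /var/log/yum.*

# Create the unprivileged "podman" account and give it the sub-UID/GID
# ranges rootless Podman needs for user namespaces. The steps are chained
# with && (not ;) so a failed useradd aborts the build instead of leaving
# an image with subuid/subgid entries for a user that does not exist.
# printf replaces `echo -e`, whose -e handling differs between /bin/sh
# implementations; the written content is identical.
# The ranges skip id 1000, presumably the podman account's own id on a
# fresh Fedora image — confirm if the base image's id allocation changes.
RUN useradd podman && \
    printf 'podman:1:999\npodman:1001:64535\n' > /etc/subuid && \
    printf 'podman:1:999\npodman:1001:64535\n' > /etc/subgid

# Pull the reference configs from the stable image directory on the main
# branch. NOTE(review): these are fetched over HTTPS from a moving branch
# with no checksum, so the resulting image is not reproducible and its
# config content depends on the remote at build time. Builds that need
# reproducibility should vendor the files into the build context or use
# ADD --checksum=sha256:<known-digest> once a digest has been established.
ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable"
ADD $_REPO_URL/containers.conf /etc/containers/containers.conf
ADD $_REPO_URL/podman-containers.conf /home/podman/.config/containers/containers.conf

# Create the rootless storage root for the podman user, hand the whole
# home directory to that user, and make the system-wide containers.conf
# world-readable (a remote ADD lands with restrictive permissions, and
# the podman user must be able to read it).
RUN mkdir -p /home/podman/.local/share/containers && \
    chown podman:podman -R /home/podman && \
    chmod 644 /etc/containers/containers.conf

# Copy & modify the defaults to provide reference if runtime changes needed.
# Changes here are required for running with fuse-overlay storage inside container.
RUN sed -e 's|^#mount_program|mount_program|g' \
        -e '/additionalimage.*/a "/var/lib/shared",' \
        -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
        /usr/share/containers/storage.conf \
        > /etc/containers/storage.conf

# Setup internal Podman to pass secrets/subscriptions down from host to internal container
RUN printf '/run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement\n/run/secrets/rhsm:/run/secrets/rhsm\n' > /etc/containers/mounts.conf

# Note VOLUME options must always happen after the chown call above
# RUN commands can not modify existing volumes
VOLUME /var/lib/containers
VOLUME /home/podman/.local/share/containers

# Pre-create the additional image store that storage.conf above references
# as "/var/lib/shared", together with the lock files the store layout
# expects, so a read-only shared store mounted here is usable immediately.
RUN mkdir -p /var/lib/shared/overlay-images \
             /var/lib/shared/overlay-layers \
             /var/lib/shared/vfs-images \
             /var/lib/shared/vfs-layers && \
    touch /var/lib/shared/overlay-images/images.lock && \
    touch /var/lib/shared/overlay-layers/layers.lock && \
    touch /var/lib/shared/vfs-images/images.lock && \
    touch /var/lib/shared/vfs-layers/layers.lock

# No USER is set, so the image runs as root by default; the podman account
# created above is available for rootless runs (e.g. --user podman).
# NOTE(review): _CONTAINERS_USERNS_CONFIGURED is an internal Podman marker;
# it is deliberately exported empty here — confirm against Podman's rootless
# setup code before changing the value.
ENV _CONTAINERS_USERNS_CONFIGURED=""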