Diffstat (limited to 'nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix')
-rw-r--r--nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix22
1 files changed, 22 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix b/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix
index c9ec18593dff..fa3a50bc5357 100644
--- a/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix
+++ b/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix
@@ -1,7 +1,9 @@
 { podman-unwrapped
 , runCommand
 , makeWrapper
+, symlinkJoin
 , lib
+, stdenv
 , extraPackages ? []
 , podman # Docker compat
 , runc # Default container runtime
@@ -13,12 +15,19 @@
 , cni-plugins # not added to path
 , iptables
 , iproute2
+, catatonit
+, gvproxy
 }:
 
+# do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed
+
+# adding aardvark-dns/netavark to `helpersBin` requires changes to the modules and tests
+
 let
   podman = podman-unwrapped;
 
   binPath = lib.makeBinPath ([
+  ] ++ lib.optionals stdenv.isLinux [
     runc
     crun
     conmon
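Review bot: With every default entry of `binPath` now behind `lib.optionals stdenv.isLinux`, `binPath` is the empty string on non-Linux platforms whenever `extraPackages` is left at its default `[]`. The last hunk interpolates it unquoted as `--prefix PATH : ${binPath}`, so in that case the `--prefix` flag is passed without a value. How makeWrapper handles the missing argument is not visible from this diff, so it is worth confirming that it can never produce an empty `PATH` entry in the wrapper. Writing the line as `--prefix PATH : ${lib.escapeShellArg binPath}` keeps the argument count fixed either way. The `binPath` expression continues into the next hunk.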
@@ -29,6 +38,18 @@ let
     iproute2
   ] ++ extraPackages);
 
+  helpersBin = symlinkJoin {
+    name = "${podman.pname}-helper-binary-wrapper-${podman.version}";
+
+    # this only works for some binaries, others may need to be be added to `binPath` or in the modules
+    paths = [
+      gvproxy
+    ] ++ lib.optionals stdenv.isLinux [
+      catatonit # added here for the pause image and also set in `containersConf` for `init_path`
+      podman.rootlessport
+    ];
+  };
+
 in runCommand podman.name {
   name = "${podman.pname}-wrapper-${podman.version}";
   inherit (podman) pname version passthru;
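Review bot: The comment above `paths` in `helpersBin` says the directory "only works for some binaries" but does not say which lookups honour it, and it contains a doubled "be". A maintainer adding a helper later cannot tell from it whether the new binary belongs here or in `binPath`. Assuming the distinction is podman's own helper-binary lookup, I would suggest something like `# only binaries podman resolves through its helper-binary lookup are found here; anything it runs via PATH must go in binPath or be set in the modules`. It would also help to note that `symlinkJoin` exposes every file in the listed packages, not just the named helper.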
@@ -54,5 +75,6 @@ in runCommand podman.name {
   ln -s ${podman-unwrapped}/lib $out/lib
   ln -s ${podman-unwrapped}/share $out/share
   makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \
+    --set CONTAINERS_HELPER_BINARY_DIR ${helpersBin}/bin \
     --prefix PATH : ${binPath}
 ''
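Review bot: The added `--set CONTAINERS_HELPER_BINARY_DIR ${helpersBin}/bin` line unconditionally overwrites any value the caller already has in the environment, and nothing in the wrapper records whether that is intended. If the goal is to pin helper lookup to the store path so it cannot be redirected through the environment, a short comment above the `makeWrapper` call would make that explicit, for example `# --set, not --set-default: helpers always come from the store`. If user overrides are meant to keep working, `--set-default` is the makeWrapper flag for that. The `runCommand` script starts outside this hunk, so any earlier handling of the variable is not visible here.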