# Podman package for nixpkgs.
#
# Builds the podman CLI with buildGoModule and wraps it so that the runtime
# helpers it spawns (OCI runtimes, conmon, network/storage helpers) are
# resolved from pinned Nix store paths rather than from whatever happens to be
# first on the caller's PATH. On Darwin only the remote client is built.
{ lib
, stdenv
, fetchFromGitHub
, pkg-config
, installShellFiles
, buildGoModule
, gpgme
, lvm2
, btrfs-progs
, libapparmor
, libseccomp
, libselinux
, systemd
, go-md2man
, nixosTests
, python3
, makeWrapper
, runtimeShell
, symlinkJoin
, extraPackages ? [ ] # additional packages placed on podman's PATH, see binPath
, runc
, crun
, conmon
, slirp4netns
, fuse-overlayfs
, util-linux
, iptables
, iproute2
, catatonit
, gvproxy
, aardvark-dns
, netavark
, testers
, podman
}:
let
  # do not add qemu to this wrapper: its store path would get written into the
  # podman VM config and dangle once that path is garbage-collected

  # Prefixed onto PATH by `wrapProgram` in installPhase. These pinned store
  # paths therefore shadow same-named binaries on the caller's PATH for every
  # process podman spawns; the caller's PATH is still searched after them (the
  # wrapper only prefixes, it does not replace PATH).
  #
  # `extraPackages` is appended outside the isLinux guard, so it lands here on
  # every platform and gets the same precedence. Anything a caller puts there
  # is effectively trusted tooling for podman and deserves the same scrutiny as
  # the fixed list.
  binPath = lib.makeBinPath (lib.optionals stdenv.isLinux [
    runc
    crun
    conmon
    fuse-overlayfs
    util-linux
    iptables
    iproute2
  ] ++ extraPackages);

  # Helper binaries that podman is expected to find via HELPER_BINARIES_DIR
  # rather than PATH; installPhase symlinks this tree into $out/libexec/podman.
  helpersBin = symlinkJoin {
    name = "podman-helper-binary-wrapper";

    # this only works for some binaries, others may need to be added to `binPath` or in the modules
    paths = [
      gvproxy
    ] ++ lib.optionals stdenv.isLinux [
      aardvark-dns
      catatonit # added here for the pause image and also set in `containersConf` for `init_path`
      netavark
      slirp4netns
    ];
  };
in
buildGoModule rec {
  pname = "podman";
  version = "4.9.3";

  # Pinned by git tag and content hash. Because vendorHash is null (below),
  # this hash is also the only integrity check covering the vendored Go
  # dependency tree shipped inside the tarball.
  src = fetchFromGitHub {
    owner = "containers";
    repo = "podman";
    rev = "v${version}";
    hash = "sha256-PdAXcXtc/Jl3ttWWB6TciiOwWescJ51Glhf2ZhOw550=";
  };

  patches = [
    # we intentionally don't build and install the helper so we shouldn't display messages to users about it
    ./rm-podman-mac-helper-msg.patch
  ];

  # Use the vendor/ directory shipped in src as-is; no separately fetched (and
  # separately hashed) module set.
  vendorHash = null;

  # Upstream's test suite is skipped, presumably because it needs a real
  # container runtime and privileges the build sandbox does not offer. Coverage
  # comes from passthru.tests instead.
  doCheck = false;

  outputs = [ "out" "man" ];

  nativeBuildInputs = [ pkg-config go-md2man installShellFiles makeWrapper python3 ];

  buildInputs = lib.optionals stdenv.isLinux [
    btrfs-progs
    gpgme
    libapparmor
    libseccomp
    libselinux
    lvm2
    systemd
  ];

  # Both attributes are exported into the build environment for make. Using
  # placeholder "out" makes HELPER_BINARIES_DIR the final store path of the
  # directory populated in installPhase, so the helper location presumably
  # baked into the binary during buildPhase is pinned rather than an FHS path.
  # (rec: PREFIX may be referenced before it is defined.)
  HELPER_BINARIES_DIR = "${PREFIX}/libexec/podman"; # used in buildPhase & installPhase
  PREFIX = "${placeholder "out"}";

  # patchShebangs and substituteInPlace replace script interpreters and the
  # Makefile's hard-coded /bin/bash with store paths before building. Darwin
  # builds only the remote client (the mac helper is deliberately not built,
  # cf. the patch above); Linux builds podman, rootlessport and quadlet.
  buildPhase = ''
    runHook preBuild
    patchShebangs .
    substituteInPlace Makefile --replace "/bin/bash" "${runtimeShell}"
    ${if stdenv.isDarwin then ''
      make podman-remote # podman-mac-helper uses FHS paths
    '' else ''
      make bin/podman bin/rootlessport bin/quadlet
    ''}
    make docs
    runHook postBuild
  '';

  # Darwin installs the single remote-client binary; Linux uses upstream's
  # install targets (binaries plus systemd units). Afterwards the helper tree
  # is symlinked into HELPER_BINARIES_DIR and the main binary is wrapped so
  # that binPath is prefixed onto PATH for every podman invocation (the real
  # binary becomes $out/bin/.podman-wrapped).
  installPhase = ''
    runHook preInstall
    ${if stdenv.isDarwin then ''
      install bin/darwin/podman -Dt $out/bin
    '' else ''
      make install.bin install.systemd
    ''}
    make install.completions install.man
    mkdir -p ${HELPER_BINARIES_DIR}
    ln -s ${helpersBin}/bin/* ${HELPER_BINARIES_DIR}
    wrapProgram $out/bin/podman \
      --prefix PATH : ${lib.escapeShellArg binPath}
    runHook postInstall
  '';

  # Prepend systemd's library directory to the wrapped binary's RPATH so the
  # dynamic loader resolves libsystemd to the pinned store copy instead of
  # searching the system library path at run time. NOTE(review): this looks
  # like it exists because the Go build does not record libsystemd as a
  # link-time dependency (lazy loading) — confirm against the vendored code.
  postFixup = lib.optionalString stdenv.isLinux ''
    RPATH=$(patchelf --print-rpath $out/bin/.podman-wrapped)
    patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/.podman-wrapped
  '';

  # Smoke test on every platform, plus (Linux only) the NixOS VM tests that
  # exercise the podman module and the modules built on top of it.
  passthru.tests = {
    # HOME is pointed at TMPDIR, presumably so the version check does not
    # depend on a writable home directory in the test sandbox.
    version = testers.testVersion {
      package = podman;
      command = "HOME=$TMPDIR podman --version";
    };
  } // lib.optionalAttrs stdenv.isLinux {
    inherit (nixosTests) podman;
    # related modules
    inherit (nixosTests)
      podman-tls-ghostunnel
      ;
    oci-containers-podman = nixosTests.oci-containers.podman;
  };

  meta = with lib; {
    homepage = "https://podman.io/";
    description = "A program for managing pods, containers and container images";
    longDescription = ''
      Podman (the POD MANager) is a tool for managing containers and images, volumes mounted into those containers, and pods made from groups of containers. Podman runs containers on Linux, but can also be used on Mac and Windows systems using a Podman-managed virtual machine. Podman is based on libpod, a library for container lifecycle management that is also contained in this repository. The libpod library provides APIs for managing containers, pods, container images, and volumes.

      To install on NixOS, please use the option `virtualisation.podman.enable = true`.
    '';
    changelog = "https://github.com/containers/podman/blob/v${version}/RELEASE_NOTES.md";
    license = licenses.asl20;
    maintainers = with maintainers; [ marsam ] ++ teams.podman.members;
  };
}