[pkg-go] Bug#1020540: podman-remote should be built and offered as seperate package

Thu Sep 22 23:57:35 BST 2022

Package: podman
Version: 4.2.1-0.1
Severity: minor
Tags: patch
X-Debbugs-Cc: nolange79 at gmail.com

Hello,

I am aware of #1000521, I dont see it as resolved.

The problem is that you can run podman as service, and clients
can connect on for ex. an exposed unix socket.

Practical example is:

-   run rootless podman providing an unix socker
-   run an container jenkins/inbound-agent container
    binding that socket
-   provide a binary that takes the same arguments as docker
    while using the socket

Now the issue is, that you have to install podman and its many
dependencies in the jenkins/inbound-agent container.

Way better would be to use one of the simple remote-only clients,
this is a single file without any dependencies
(run ldd on both).

docker provides the docker-ce-cli package, podman the podman-remote
binary.

Debian should offer the package as independent package,
so client/server can be updated together.
Then containers can get a bind-mount to the host's
/usr/bin/podman-remote binary.


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.16.0-6-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages podman depends on:
ii  conmon                           2.1.3+ds1-1
ii  crun                             1.5+dfsg-1+b1
ii  golang-github-containers-common  0.49.1+ds1-1
ii  libc6                            2.34-7
ii  libdevmapper1.02.1               2:1.02.185-1
ii  libgpgme11                       1.17.1-4.1
ii  libseccomp2                      2.5.4-1+b1

Versions of packages podman recommends:
pn  buildah                       <none>
pn  catatonit | tini | dumb-init  <none>
ii  dbus-user-session             1.14.0-2
pn  fuse-overlayfs                <none>
ii  slirp4netns                   1.2.0-1
ii  uidmap                        1:4.11.1+dfsg1-2

Versions of packages podman suggests:
ii  containers-storage  1.42.0+ds1-1
pn  docker-compose      <none>
ii  iptables            1.8.8-1

-- no debconf information
-------------- next part --------------
diff -burN a/debian/control b/debian/control

--- a/debian/control	2022-08-19 09:43:54.000000000 +0200
+++ b/debian/control	2022-08-19 09:43:54.000000000 +0200
@@ -131,6 +131,32 @@
  .
  Podman is a daemon-less alternative to Docker.
 
+Package: podman-remote
+Architecture: any
+Built-Using: ${misc:Built-Using}
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: engine to run OCI-based containers in Pods
+ Podman is an engine for running OCI-based containers in Pods.
+ Podman provides a CLI interface for managing Pods, Containers, and
+ Container Images.
+ .
+ At a high level, the scope of libpod and podman is the following:
+  * Support multiple image formats including the OCI and Docker image
+    formats.
+  * Support for multiple means to download images including trust & image
+    verification.
+  * Container image management (managing image layers, overlay filesystems,
+    etc).
+  * Full management of container lifecycle.
+  * Support for pods to manage groups of containers together.
+  * Resource isolation of containers and pods.
+  * Support for a Docker-compatible CLI interface through Podman.
+ .
+ Podman is a daemon-less alternative to Docker.
+ .
+ This package installs a smaller executable being only a
+ frontend to control a remote podman instance.
+
 Package: golang-github-containers-libpod-dev
 Architecture: all
 Depends: ${misc:Depends},
diff -burN a/debian/podman.install b/debian/podman.install
--- a/debian/podman.install	2022-08-19 09:43:54.000000000 +0200
+++ b/debian/podman.install	2022-08-19 09:43:54.000000000 +0200
@@ -1,5 +1,4 @@
 completions/zsh/_podman             /usr/share/zsh/vendor-completions
-completions/zsh/_podman-remote      /usr/share/zsh/vendor-completions
 cni/87-podman-bridge.conflist		/etc/cni/net.d/
 
 debian/etc/containers/libpod.conf	/etc/containers/
diff -burN a/debian/podman-remote.install b/debian/podman-remote.install
--- a/debian/podman-remote.install	1970-01-01 01:00:00.000000000 +0100
+++ b/debian/podman-remote.install	2022-08-19 09:43:54.000000000 +0200
@@ -0,0 +1,3 @@
+completions/zsh/_podman-remote      /usr/share/zsh/vendor-completions
+
+usr/bin/podman-remote
diff -burN a/debian/podman-remote.manpages b/debian/podman-remote.manpages
--- a/debian/podman-remote.manpages	1970-01-01 01:00:00.000000000 +0100
+++ b/debian/podman-remote.manpages	2022-08-19 09:43:54.000000000 +0200
@@ -0,0 +1 @@
+docs/build/man/podman-remote*.1
diff -burN a/debian/rules b/debian/rules
--- a/debian/rules	2022-08-19 09:43:54.000000000 +0200
+++ b/debian/rules	2022-09-23 00:38:15.821251178 +0200
@@ -36,6 +36,7 @@
 
 ## https://podman.io/getting-started/installation#build-tags
 BUILDTAGS := apparmor,ostree,seccomp,selinux,systemd
+BUILDTAGS_REMOTE := remote,exclude_graphdriver_btrfs,btrfs_noversion,exclude_graphdriver_devicemapper,containers_image_openpgp
 # containers_image_openpgp
 
 %:
@@ -45,6 +46,11 @@
 	$(MAKE) docs docker-docs
 
 #	LDFLAGS_PODMAN="-X main.gitCommit=$(GIT_COMMIT)"
+#   upstream Makefile calls `go build ... -o bin/podman-remote ./cmd/podman`
+#   dont know how I get dh_auto_build to do that.
+	dh_auto_build -v  --builddirectory=_output -- -tags "$(BUILDTAGS_REMOTE)" \
+          -ldflags "-X main.buildInfo=$(DEB_VERSION)"
+	mv _output/bin/podman _output/bin/podman-remote
 	dh_auto_build -v  --builddirectory=_output -- -tags "$(BUILDTAGS)" \
           -ldflags "-X main.buildInfo=$(DEB_VERSION)"
 
@@ -77,8 +83,6 @@
 
 # Disable dh_missing
 override_dh_missing:
-	# remove unwanted files, cf. #1000521
-	find debian -name '*podman-remote*' -ls -delete
 	dh_missing --list-missing -X goecho -X testvol -X version
 
 override_dh_installsystemd:
