feat: use native podman build for linux

### What does this PR do? * Switches to using native podman building for Linux rather than using podman machine * Tested against using a manifest as well as a normal image. * Uses CLI commands the equivalant of doing `sudo podman run`. PD does not support running / viewing / using sudo root connections. So we use the CLI instead * Uses CLI commands for saving the image / importing as well. The reasoning is that importing requires `sudo` / privileged and retrieving via image ID does not work for saving via the API. ### Screenshot / video of UI  ### What issues does this PR fix or reference?  Closes containers#623 ### How to test this PR?  1. Try on Linux (Fedora 40 or above) 2. Go to build and it should ask for credentials after a few moments of building 3. Successful image build Signed-off-by: Charlie Drage <[email protected]>
cdrage · Aug 1, 2024 · 9e36328 · 9e36328
1 parent a118ea1
commit 9e36328
Show file tree

Hide file tree

Showing 16 changed files with 293 additions and 111 deletions.
diff --git a/README.md b/README.md
@@ -116,7 +116,7 @@ The list above is what is supported by the underlying `bootc-image-builder` tech
 
 ## Requirements
 
-### Requirement 1. Software and hardware requirements
+### Prerequisites: Software and hardware requirements
 
 **OS:**
 
@@ -126,7 +126,9 @@ Compatible on Windows, macOS & Linux
 * [Podman Desktop 1.10.0+](https://github.com/containers/podman-desktop)
 * [Podman 5.0.1+](https://github.com/containers/podman)
 
-### Requirement 2. Rootful mode on Podman Machine
+### Podman Machine (macOS / Windows)
+
+Podman Machine is required for macOS and Windows in order to run Podman as well as utilize filesystem privileges to build a disk image.
 
 Podman Machine requirements:
 * **Rootful mode enabled**
@@ -144,14 +146,14 @@ Or set when initially creating a Podman Machine via Podman Desktop:
 
 ![rootful setup](https://raw.githubusercontent.com/containers/podman-desktop-extension-bootc/main/docs/img/rootful_setup.png)
 
-**Linux users:** 
+### Escalated Privileges (Linux)
 
-On Linux, you are unable to create a Podman Machine through the GUI of Podman Desktop, to create a rootful Podman Machine you can run the following commands:
+During the build process, **you will be asked to enter your credentials** so that the bootc extension may run a `sudo podman run` underlying CLI command.
+
+Podman Desktop is ran as the logged-in user. However, bootc-image-builder requires escalated / sudo privileges to run a rootful container.
+
+You can find more information about what specific commands are being ran from the console logs of Podman Desktop.
 
-```sh
-podman machine init --memory 6144 --rootful
-podman machine start
-```
 
 ## Installation
 

diff --git a/packages/backend/src/api-impl.ts b/packages/backend/src/api-impl.ts
@@ -25,7 +25,7 @@ import { History } from './history';
 import * as containerUtils from './container-utils';
 import { Messages } from '/@shared/src/messages/Messages';
 import { telemetryLogger } from './extension';
-import { checkPrereqs } from './machine-utils';
+import { checkPrereqs, isLinux } from './machine-utils';
 
 export class BootcApiImpl implements BootcApi {
   private history: History;
@@ -240,6 +240,10 @@ export class BootcApiImpl implements BootcApi {
     telemetryLogger.logError(eventName, data);
   }
 
+  async isLinux(): Promise<boolean> {
+    return isLinux();
+  }
+
   // The API does not allow callbacks through the RPC, so instead
   // we send "notify" messages to the frontend to trigger a refresh
   // this method is internal and meant to be used by the API implementation

diff --git a/packages/backend/src/build-disk-image.spec.ts b/packages/backend/src/build-disk-image.spec.ts
@@ -21,7 +21,7 @@ import os from 'node:os';
 import {
   buildExists,
   createBuilderImageOptions,
-  createPodmanRunCommand,
+  createPodmanCLIRunCommand,
   getBuilder,
   getUnusedName,
 } from './build-disk-image';
@@ -279,7 +279,7 @@ test('check uses Centos builder', async () => {
   expect(builder).toEqual(bootcImageBuilderCentos);
 });
 
-test('create podman run command', async () => {
+test('create podman run CLI command', async () => {
   const name = 'test123-bootc-image-builder';
   const build = {
     image: 'test-image',
@@ -290,25 +290,35 @@ test('create podman run command', async () => {
   } as BootcBuildInfo;
 
   const options = createBuilderImageOptions(name, build);
-  const command = createPodmanRunCommand(options);
-
-  const expectedCommand = `podman run \\
-  --name test123-bootc-image-builder \\
-  --tty \\
-  --privileged \\
-  --security-opt label=type:unconfined_t \\
-  -v /Users/cdrage/bootc/qemutest4:/output/ \\
-  -v /var/lib/containers/storage:/var/lib/containers/storage \\
-  --label bootc.image.builder=true \\
-  ${bootcImageBuilderCentos} \\
-  test-image:latest \\
-  --output \\
-  /output/ \\
-  --local \\
-  --type \\
-  raw \\
-  --target-arch \\
-  amd64`;
+  const command = createPodmanCLIRunCommand(options);
+
+  // Expect an array of the above
+  const expectedCommand = [
+    'podman',
+    'run',
+    '--rm',
+    '--name',
+    'test123-bootc-image-builder',
+    '--tty',
+    '--privileged',
+    '--security-opt',
+    'label=type:unconfined_t',
+    '-v',
+    '/Users/cdrage/bootc/qemutest4:/output/',
+    '-v',
+    '/var/lib/containers/storage:/var/lib/containers/storage',
+    '--label',
+    'bootc.image.builder=true',
+    'quay.io/centos-bootc/bootc-image-builder:latest-1720185748',
+    'test-image:latest',
+    '--output',
+    '/output/',
+    '--local',
+    '--type',
+    'raw',
+    '--target-arch',
+    'amd64',
+  ];
 
   expect(command).toEqual(expectedCommand);
 });