CI podman detection is not fully reliable #113129

Closed
Noratrieb opened this issue Jun 28, 2023 · 2 comments · Fixed by #116761
Labels
A-contributor-roadblock Area: Makes things more difficult for new contributors to rust itself T-infra Relevant to the infrastructure team, which will review and decide on the PR/issue.

Comments

@Noratrieb
Member

podman is (by design) not fully compatible with docker when it comes to user permissions. Therefore, ./src/ci/docker/run.sh needs to look behind the docker curtain to figure out whether it's actually podman and opt out of the user isolation.

rust/src/ci/docker/run.sh

Lines 219 to 226 in eb76764

```sh
if [[ "$id" != 0 && "$(docker -v)" =~ ^podman ]]; then
    # Rootless podman creates a separate user namespace, where an inner
    # LOCAL_USER_ID will map to a different subuid range on the host.
    # The "keep-id" mode maps the current UID directly into the container.
    args="$args --env NO_CHANGE_USER=1 --userns=keep-id"
else
    args="$args --env LOCAL_USER_ID=$id"
fi
```

With Ubuntu's docker podman compat package this works fine, because there `docker --version` prints something containing podman. But if you symlink docker to podman (something NixOS does if you set up docker-podman compat) then `docker --version` actually prints `docker version 4.5.0`. Podman outsmarts CI's detection.

I'm not sure about the ideal way to fix this, but docker system --help contains "manage podman" for me, so do whatever you want with this information.

@Noratrieb Noratrieb added the T-infra Relevant to the infrastructure team, which will review and decide on the PR/issue. label Jun 28, 2023
@Noratrieb
Member Author

cc @cuviper who added this code

@cuviper
Member

cuviper commented Jun 28, 2023

On Fedora, podman-docker's /usr/bin/docker is a quick shell script to exec /usr/bin/podman. So that process will have a podman argv[0], whereas a symlink will still look like docker. I'm guessing that's what --version is echoing.

Maybe docker version is a better choice? That gives me:

```
$ docker version
Client:       Podman Engine
Version:      4.5.1
API Version:  4.5.1
Go Version:   go1.20.4
Built:        Fri May 26 10:58:48 2023
OS/Arch:      linux/amd64
```

@jyn514 jyn514 added the A-contributor-roadblock Area: Makes things more difficult for new contributors to rust itself label Jun 30, 2023
@bors bors closed this as completed in 29d9877 Oct 19, 2023
rust-timer added a commit to rust-lang-ci/rust that referenced this issue Oct 19, 2023
Rollup merge of rust-lang#116761 - Nilstrieb:podman, r=cuviper

Fix podman detection in CI scripts

When docker-podman compat was set up in a way that causes "docker" to be the argv[0] of podman, the previous detection did not work. This was for example the case in the compat package from nixpkgs.

This checks the output and should work everywhere.

I tested it locally by executing
```sh
if [[ "$id" != 0 && "$(docker version)" =~ Podman ]]; then
    echo yes
else
    echo no
fi
```
which printed `no` before, and `yes` now.

fixes rust-lang#113129

r? cuviper
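
The two detection strategies from this thread, replayed over captured command output so the difference can be checked without docker or podman installed. This is an added example, not code from `run.sh` or from the thread's participants; the function names, uid 1000, and the sample strings marked "constructed" are assumptions, and the regexes `^podman` and `Podman` are written as the equivalent POSIX `case` globs.

```shell
#!/bin/sh
# Added example (not from run.sh): replays both checks on captured output.

# Old check: regex ^podman on `docker -v`, written as the glob podman*.
old_check() {
    case "$1" in podman*) return 0 ;; esac
    return 1
}

# Fixed check: regex Podman on `docker version`, written as *Podman*.
new_check() {
    case "$1" in *Podman*) return 0 ;; esac
    return 1
}

# Mirrors the branch in run.sh: $1 = host uid, $2 = "yes" if podman detected.
user_args() {
    if [ "$1" != 0 ] && [ "$2" = yes ]; then
        echo "--env NO_CHANGE_USER=1 --userns=keep-id"
    else
        echo "--env LOCAL_USER_ID=$1"
    fi
}

# `docker -v` when docker is a symlink to podman (value quoted in the issue).
DASH_V_SYMLINK="docker version 4.5.0"
# `docker -v` via a wrapper script that execs podman (constructed sample).
DASH_V_WRAPPER="podman version 4.5.1"
# `docker version` under podman (first lines of the output in the thread).
VERSION_PODMAN="Client:       Podman Engine
Version:      4.5.1"
# `docker version` under real Docker (constructed sample).
VERSION_DOCKER="Client: Docker Engine - Community
 Version: 24.0.2"

# Run check $1 on captured output $2 and print yes/no.
detect() { if "$1" "$2"; then echo yes; else echo no; fi; }

# Show the user-mapping args each setup would get for uid 1000 (assumed).
report() {
    echo "$1: $(user_args 1000 "$(detect "$2" "$3")")"
}
report "symlink, old check" old_check "$DASH_V_SYMLINK"
report "symlink, new check" new_check "$VERSION_PODMAN"
report "wrapper, old check" old_check "$DASH_V_WRAPPER"
report "real docker, new check" new_check "$VERSION_DOCKER"
```

The first report line shows the failure mode from the issue: a rootless podman behind a `docker` symlink falls into the `LOCAL_USER_ID` branch, so the container user maps to a different subuid range on the host.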