From 91f8f8b38792d9a9ff9e91c04084472f4cc5fae0 Mon Sep 17 00:00:00 2001
From: Alex Pyrgiotis
Date: Wed, 24 May 2023 22:28:05 +0300
Subject: [PATCH] ci: Install recommended Podman packages
In Debian-based images, there are some Podman dependencies that are marked as recommended, but are essential for rootless containers. These dependencies will not be installed in our Dangerzone environments, due to the `--no-install-recommends` flag. Our approach was to find these dependencies through trial and error, and hardcode them in our image. Turns out though that there are some dependencies (e.g., `netavark`) that may be necessary in some Debian flavors, and not others. In order to not impact the readability of the env.py file, we prefer installing Podman with all of its recommended packages. On one hand, this will make the image size of our Debian-based Dangerzone environments slightly larger, but on the other hand, it will make CI tests less flaky.
---
 dev_scripts/env.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/dev_scripts/env.py b/dev_scripts/env.py
index 7e5c188..0906a2f 100755
--- a/dev_scripts/env.py
+++ b/dev_scripts/env.py
@@ -71,15 +71,19 @@ RUN . /etc/os-release \
 """
 # FIXME: Do we really need the python3-venv packages?
-# XXX: We install uidmap separately, because it is not a hard dependency for Podman, and
-# we use --no-install-recommends.
 DOCKERFILE_BUILD_DEV_DEBIAN_DEPS = r"""
 ARG DEBIAN_FRONTEND=noninteractive
+# NOTE: Podman has several recommended packages that are actually essential for rootless
+# containers. Instead of specifying them by name, we can install Podman with all of its
+# recommendations, which increases the image size, but makes the environment less flaky.
 RUN apt-get update \
- && apt-get install -y --no-install-recommends podman uidmap dh-python make \
- build-essential fakeroot fuse-overlayfs libqt5gui5 pipx python3 python3-dev \
- python3-venv python3-stdeb python3-all \
+ && apt-get install -y podman \
+ && rm -rf /var/lib/apt/lists/*
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends dh-python make build-essential \
+ fakeroot libqt5gui5 pipx python3 python3-dev python3-venv python3-stdeb \
+ python3-all \
  && rm -rf /var/lib/apt/lists/*
 # NOTE: `pipx install poetry` fails on Ubuntu Focal, when installed through APT. By
 # installing the latest version, we sidestep this issue.
@@ -143,7 +147,7 @@ RUN cd /home/user/dangerzone && poetry --no-ansi install
 DOCKERFILE_BUILD_DEBIAN_DEPS = r"""
 ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update \
- && apt-get install -y --no-install-recommends mupdf fuse-overlayfs \
+ && apt-get install -y --no-install-recommends mupdf \
  && rm -rf /var/lib/apt/lists/*
 """
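Review bot: The new `apt-get install -y podman` step in `DOCKERFILE_BUILD_DEV_DEBIAN_DEPS` leaves the rootless prerequisites implicit, and the image build never verifies that they arrived. `uidmap` and `fuse-overlayfs` were named on the removed install line; they are now expected to come from each distribution's Recommends metadata, which can presumably differ between the Debian and Ubuntu flavors this template is built for. Because rootless Podman is the isolation layer these environments exist to exercise, a flavor that does not recommend them would show up as a confusing test failure instead of a build error. Consider failing early with `&& dpkg -s uidmap > /dev/null \` after the install line, and extending the NOTE comment to name the recommended packages the environment relies on. The string literal continues past the end of the hunk.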