Merge pull request #114821 from erosennin/catatonit

catatonit: init at 0.1.5, fix podman --init
2021-03-22 16:04:06 +02:00 · 2021-03-22 16:04:06 +02:00 · 04a37553f2
commit 04a37553f2
parent 2af47fc86a 5a251359a8
4 changed files with 52 additions and 1 deletions
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@ -118,8 +118,9 @@ in
      [network]
      cni_plugin_dirs = ["${pkgs.cni-plugins}/bin/"]

-      ${lib.optionalString (cfg.ociSeccompBpfHook.enable == true) ''
      [engine]
+      init_path = "${pkgs.catatonit}/bin/catatonit"
+      ${lib.optionalString (cfg.ociSeccompBpfHook.enable) ''
      hooks_dir = [
        "${config.boot.kernelPackages.oci-seccomp-bpf-hook}",
      ]
--- a/nixos/tests/podman.nix
+++ b/nixos/tests/podman.nix
@ -96,6 +96,15 @@ import ./make-test-python.nix (
          podman.succeed(su_cmd("podman ps | grep sleeping"))
          podman.succeed(su_cmd("podman stop sleeping"))
          podman.succeed(su_cmd("podman rm sleeping"))
+
+      with subtest("Run container with init"):
+          podman.succeed(
+              "tar cv -C ${pkgs.pkgsStatic.busybox} . | podman import - busybox"
+          )
+          pid = podman.succeed("podman run --rm busybox readlink /proc/self").strip()
+          assert pid == "1"
+          pid = podman.succeed("podman run --rm --init busybox readlink /proc/self").strip()
+          assert pid == "2"
    '';
  }
 )
--- a/pkgs/applications/virtualization/catatonit/default.nix
+++ b/pkgs/applications/virtualization/catatonit/default.nix
@ -0,0 +1,39 @@
+{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, glibc, nixosTests }:
+
+stdenv.mkDerivation rec {
+  pname = "catatonit";
+  version = "0.1.5";
+
+  src = fetchFromGitHub {
+    owner = "openSUSE";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "ciJ1MI7jr5P2PgxIykQ+BiwNUO8lQHGt0+U8CNbc5bI=";
+  };
+
+  patches = [
+    # Fix compilation with musl
+    (fetchpatch {
+      url = "https://github.com/openSUSE/catatonit/commit/75014b1c3099245b7d0f44f24d7f6dc4888a45fd.patch";
+      sha256 = "sha256-9VMNUT1U90ocjvE7EXYfLxuodDwTXXHYg89qqa5Jq0g=";
+    })
+  ];
+
+  nativeBuildInputs = [ autoreconfHook ];
+  buildInputs = lib.optionals (!stdenv.hostPlatform.isMusl) [ glibc glibc.static ];
+
+  doInstallCheck = true;
+  installCheckPhase = ''
+    readelf -d $out/bin/catatonit | grep 'There is no dynamic section in this file.'
+  '';
+
+  passthru.tests = { inherit (nixosTests) podman; };
+
+  meta = with lib; {
+    description = "A container init that is so simple it's effectively brain-dead";
+    homepage = "https://github.com/openSUSE/catatonit";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ erosennin ] ++ teams.podman.members;
+    platforms = platforms.linux;
+  };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -197,6 +197,8 @@ in
    inherit (python3Packages) sphinx;
  };

+  catatonit = callPackage ../applications/virtualization/catatonit { };
+
  cen64 = callPackage ../misc/emulators/cen64 { };

  cereal = callPackage ../development/libraries/cereal { };