From patchwork Fri Feb 16 21:14:26 2024
X-Patchwork-Submitter: Tomas Volf <~@wolfsden.cz>
X-Patchwork-Id: 60440
Subject: [bug#69131] [PATCH v2 1/2] gnu: Add passt.
From: Tomas Volf <~@wolfsden.cz>
Date: Fri, 16 Feb 2024 22:14:26 +0100
To: 69131@debbugs.gnu.org
Cc: Tomas Volf <~@wolfsden.cz>
X-Mailer: git-send-email 2.41.0

* gnu/packages/containers.scm (passt): New variable. Change-Id: I2ebdd9d4255a89a86fb196568215b74bb61cb3a6 --- gnu/packages/containers.scm | 40 +++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) base-commit: 7142f6df77bfac4fdc8da65a7caae915df945a8b diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm index 2b5acdc3bc..5b79e8a446 100644 --- a/gnu/packages/containers.scm +++ b/gnu/packages/containers.scm 
@@ -248,6 +248,46 @@ (define-public slirp4netns network namespaces.") (license license:gpl2+))) +(define-public passt + (package + (name "passt") + (version "2023_12_30.f091893") + (source + (origin + (method url-fetch) + (uri (string-append "https://passt.top/passt/snapshot/passt-" version + ".tar.gz")) + (sha256 + (base32 "1nyd4h93qlxn1r01ffijpsd7r7ny62phki5j58in8gz021jj4f3d")))) + (build-system gnu-build-system) + (arguments + (list + #:make-flags + #~(list (string-append "CC=" #$(cc-for-target)) + "RLIMIT_STACK_VAL=1024" ; ¯\_ (ツ)_/¯ + (string-append "VERSION=" #$version) + (string-append "prefix=" #$output)) + #:tests? #f + #:phases + #~(modify-phases %standard-phases + (delete 'configure)))) + (home-page "https://passt.top") + (synopsis "Plug A Simple Socket Transport") + (description + "passt implements a thin layer between guest and host, that only +implements what's strictly needed to pretend processes are running locally. +The TCP adaptation doesn't keep per-connection packet buffers, and reflects +observed sending windows and acknowledgements between the two sides. This TCP +adaptation is needed as passt runs without the CAP_NET_RAW capability: it +can't create raw IP sockets on the pod, and therefore needs to map packets at +Layer-2 to Layer-4 sockets offered by the host kernel. 
+ +Also provides pasta, which similarly to slirp4netns, provides networking to +containers by creating a tap interface available to processes in the +namespace, and mapping network traffic outside the namespace using native +Layer-4 sockets.") + (license (list license:gpl2+ license:bsd-3)))) + (define-public cni-plugins (package (name "cni-plugins") 

From patchwork Fri Feb 16 21:14:27 2024
X-Patchwork-Submitter: Tomas Volf <~@wolfsden.cz>
X-Patchwork-Id: 60441
Subject: [bug#69131] [PATCH v2 2/2] gnu: podman: Update to 4.9.3.
From: Tomas Volf <~@wolfsden.cz>
Date: Fri, 16 Feb 2024 22:14:27 +0100
To: 69131@debbugs.gnu.org
Cc: Tomas Volf <~@wolfsden.cz>
X-Mailer: git-send-email 2.41.0

* gnu/packages/containers.scm (podman): Update to 4.9.3. * gnu/packages/patches/podman-Modify-search-for-binaries-to-fit-Guix-model.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. Change-Id: If764e8456a697d16b76cd4ba1243cc5f633a6049 --- gnu/local.mk | 1 + gnu/packages/containers.scm | 24 ++-- ...earch-for-binaries-to-fit-Guix-model.patch | 120 ++++++++++++++++++ 3 files changed, 137 insertions(+), 8 deletions(-) create mode 100644 gnu/packages/patches/podman-Modify-search-for-binaries-to-fit-Guix-model.patch diff --git a/gnu/local.mk b/gnu/local.mk index becca7dd56..ddc14acb9c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1786,6 +1786,7 @@ dist_patch_DATA = \ %D%/packages/patches/plasp-fix-normalization.patch \ %D%/packages/patches/plasp-include-iostream.patch \ %D%/packages/patches/pocketfft-cpp-prefer-preprocessor-if.patch \ + %D%/packages/patches/podman-Modify-search-for-binaries-to-fit-Guix-model.patch \ %D%/packages/patches/pokerth-boost.patch \ %D%/packages/patches/ppsspp-disable-upgrade-and-gold.patch \ %D%/packages/patches/procps-strtod-test.patch \ diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm index 5b79e8a446..b16ea26341 100644 --- a/gnu/packages/containers.scm +++ b/gnu/packages/containers.scm @@ -342,7 +342,7 @@ (define-public cni-plugins (define-public podman (package (name "podman") - (version "4.4.1") + (version "4.9.3") (source (origin (method git-fetch) 
@@ -353,8 +353,11 @@ (define-public podman ;; FIXME: Btrfs libraries not detected by these scripts. (snippet '(substitute* "Makefile" ((".*hack/btrfs.*") ""))) + (patches + (search-patches + "podman-Modify-search-for-binaries-to-fit-Guix-model.patch")) (sha256 - (base32 "0qbr6rbyig3c2hvdvmd94jjkg820hpdz6j7dgyv62dl6wfwvj5jj")) + (base32 "17g7n09ndxhpjr39s9qwxdcv08wavjj0g5nmnrvrkz2wgdqigl1x")) (file-name (git-file-name name version)))) (build-system gnu-build-system) @@ -381,10 +384,11 @@ (define-public podman (invoke "make" "remotesystem")))) (add-after 'unpack 'fix-hardcoded-paths (lambda _ - (substitute* (find-files "libpod" "\\.go") - (("exec.LookPath[(][\"]slirp4netns[\"][)]") - (string-append "exec.LookPath(\"" - (which "slirp4netns") "\")"))) + (substitute* "vendor/github.com/containers/common/pkg/config/config.go" + (("@SLIRP4NETNS_DIR@") + (string-append #$slirp4netns "/bin")) + (("@PASST_DIR@") + (string-append #$passt "/bin"))) (substitute* "hack/install_catatonit.sh" (("CATATONIT_PATH=\"[^\"]+\"") (string-append "CATATONIT_PATH=" (which "true")))) @@ -414,11 +418,12 @@ (define-public podman libassuan libseccomp libselinux + passt slirp4netns)) (native-inputs (list bats git - go-1.19 + go-1.21 ; strace ; XXX debug pkg-config python)) @@ -427,7 +432,10 @@ (define-public podman (description "Podman (the POD MANager) is a tool for managing containers and images, volumes mounted into those containers, and pods made from groups of -containers.") +containers. + +The @code{machine} subcommand is not supported due to gvproxy not being +packaged.") (license license:asl2.0))) (define-public buildah diff --git a/gnu/packages/patches/podman-Modify-search-for-binaries-to-fit-Guix-model.patch b/gnu/packages/patches/podman-Modify-search-for-binaries-to-fit-Guix-model.patch new file mode 100644 index 0000000000..27a9421285 --- /dev/null +++ b/gnu/packages/patches/podman-Modify-search-for-binaries-to-fit-Guix-model.patch 
@@ -0,0 +1,120 @@ +From 914aed3e04f71453fbdc30f4287e13ca3ce63a36 Mon Sep 17 00:00:00 2001 +From: Tomas Volf <~@wolfsden.cz> +Date: Wed, 14 Feb 2024 20:02:03 +0100 +Subject: [PATCH] Modify search for binaries to fit Guix model + +Podman basically looked into the $PATH and into its libexec. That does not fit +Guix's model very well, to an additional option to specify additional +directories during compilation was added. + +* pkg/rootless/rootless_linux.go +(tryMappingTool): Also check /run/setuid-programs. +* vendor/github.com/containers/common/pkg/config/config.go +(extraGuixDir): New function. +(FindHelperBinary): Use it. +* vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go +(guixLookupSetuidPath): New function. +(Start): Use it. +--- + pkg/rootless/rootless_linux.go | 3 +++ + .../containers/common/pkg/config/config.go | 23 +++++++++++++++++++ + .../storage/pkg/unshare/unshare_linux.go | 14 +++++++++-- + 3 files changed, 38 insertions(+), 2 deletions(-) + +diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go +index d303c8b..0191d90 100644 +--- a/pkg/rootless/rootless_linux.go ++++ b/pkg/rootless/rootless_linux.go +@@ -102,6 +102,9 @@ func tryMappingTool(uid bool, pid int, hostID int, mappings []idtools.IDMap) err + idtype = "setgid" + } + path, err := exec.LookPath(tool) ++ if err != nil { ++ path, err = exec.LookPath("/run/setuid-programs/" + tool) ++ } + if err != nil { + return fmt.Errorf("command required for rootless mode with multiple IDs: %w", err) + } +diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go +index 75b917f..ed2f131 100644 +--- a/vendor/github.com/containers/common/pkg/config/config.go ++++ b/vendor/github.com/containers/common/pkg/config/config.go +@@ -1102,6 +1102,24 @@ func findBindir() string { + return bindirCached + } + ++func extraGuixDir(bin_name string) string { ++ if (bin_name == "slirp4netns") { ++ return 
"@SLIRP4NETNS_DIR@"; ++ } else if (bin_name == "pasta") { ++ return "@PASST_DIR@"; ++ } else if (strings.HasPrefix(bin_name, "qemu-")) { ++ return "@QEMU_DIR@"; ++ } else if (bin_name == "gvproxy") { ++ return "@GVPROXY_DIR@"; ++ } else if (bin_name == "netavark") { ++ return "@NETAVARK_DIR@"; ++ } else if (bin_name == "aardvark-dns") { ++ return "@AARDVARK_DNS_DIR@"; ++ } else { ++ return ""; ++ } ++} ++ + // FindHelperBinary will search the given binary name in the configured directories. + // If searchPATH is set to true it will also search in $PATH. + func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) { +@@ -1109,6 +1127,11 @@ func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) + bindirPath := "" + bindirSearched := false + ++ if dir := extraGuixDir(name); dir != "" { ++ /* If there is a Guix dir, skip the PATH search. */ ++ dirList = append([]string{dir}, dirList...) ++ } ++ + // If set, search this directory first. This is used in testing. + if dir, found := os.LookupEnv("CONTAINERS_HELPER_BINARY_DIR"); found { + dirList = append([]string{dir}, dirList...) +diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go +index a8dc1ba..0b0d755 100644 +--- a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go ++++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go +@@ -26,6 +26,16 @@ import ( + "github.com/syndtr/gocapability/capability" + ) + ++func guixLookupSetuidPath(prog string) (string, error) { ++ path, err := exec.LookPath(prog) ++ if err != nil { ++ path, err = exec.LookPath("/run/setuid-programs/" + prog) ++ } ++ return path, err ++} ++ ++ ++ + // Cmd wraps an exec.Cmd created by the reexec package in unshare(), and + // handles setting ID maps and other related settings by triggering + // initialization code in the child. 
+@@ -237,7 +247,7 @@ func (c *Cmd) Start() error { + gidmapSet := false + // Set the GID map. + if c.UseNewgidmap { +- path, err := exec.LookPath("newgidmap") ++ path, err := guixLookupSetuidPath("newgidmap") + if err != nil { + return fmt.Errorf("finding newgidmap: %w", err) + } +@@ -297,7 +307,7 @@ func (c *Cmd) Start() error { + uidmapSet := false + // Set the UID map. + if c.UseNewuidmap { +- path, err := exec.LookPath("newuidmap") ++ path, err := guixLookupSetuidPath("newuidmap") + if err != nil { + return fmt.Errorf("finding newuidmap: %w", err) + } +-- +2.41.0 +
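
Review bot: In patch 1/2, the passt definition added to gnu/packages/containers.scm passes "RLIMIT_STACK_VAL=1024" in #:make-flags with only an emoticon as its comment, and sets #:tests? #f with no comment at all. Please give each a one-line rationale: what the fixed stack value works around in the build, and whether the tests are missing or fail in the build environment, so whoever updates the package next knows when either can be dropped.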
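
Review bot: In patch 2/2, the native-inputs hunk of the podman definition (gnu/packages/containers.scm, @@ -414,11 +418,12 @@) still carries the commented-out line "; strace ; XXX debug". That is a debugging leftover and should be removed before the patch is applied.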
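
Review bot: In the pkg/rootless/rootless_linux.go hunk (tryMappingTool), /run/setuid-programs is consulted only when exec.LookPath(tool) fails, so whatever copy of the mapping tool is first on $PATH wins, including one that lacks the setuid bit. If the wrapper in /run/setuid-programs is the one expected to work on Guix System, look there first and fall back to $PATH. When both lookups fail, the wrapped error also describes only the /run/setuid-programs attempt, which hides the fact that $PATH was searched; keeping the first error would make the message more useful.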
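
Review bot: In the config.go hunk that adds extraGuixDir, four of the returned values ("@QEMU_DIR@", "@GVPROXY_DIR@", "@NETAVARK_DIR@", "@AARDVARK_DNS_DIR@") are never replaced: the fix-hardcoded-paths phase in this series substitutes only @SLIRP4NETNS_DIR@ and @PASST_DIR@. For qemu-*, gvproxy, netavark and aardvark-dns the literal placeholder is a non-empty string, so FindHelperBinary puts a relative directory with that name at the front of the list it searches, and a relative entry is interpreted against the current working directory. Either substitute every placeholder at build time (an empty string for helpers that are not packaged) or make extraGuixDir return "" unless the value is an absolute path. On style, gofmt-conforming Go would name the parameter binName, drop the parentheses around the conditions and the trailing semicolons, and a switch would read more clearly than the else-if chain.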
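
Review bot: In the FindHelperBinary hunk of config.go (@@ -1109,6 +1127,11 @@), the comment "If there is a Guix dir, skip the PATH search." does not match the code under it, which only prepends dir to dirList and leaves searchPATH unchanged. Either set searchPATH to false in that branch or reword the comment to say the Guix directory is searched first. Because the CONTAINERS_HELPER_BINARY_DIR block runs afterwards and also prepends, that environment variable still takes precedence over the store directory; if the Guix path is meant to be authoritative, move the new block below the environment lookup.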
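
Review bot: In the unshare_linux.go hunk that adds guixLookupSetuidPath (@@ -26,6 +26,16 @@), the new function has no doc comment and is followed by three added blank lines where one is enough. A short comment stating the lookup order ($PATH, then /run/setuid-programs) would help, since the same fallback is written out a second time in tryMappingTool and the two copies need to stay in step.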