Support podman in make dev-tor #7163

Open: 1 commit to merge into base branch develop
legoktm (Member) commented May 24, 2024

Status

Ready for review

Description of Changes

Unfortunately, podman volume and docker volume are not identical: podman will (sensibly) error if you try to create a volume that already exists unless you pass --ignore, which docker doesn't support.

So we conditionally add the needed flag depending on which tool we're using.

Testing

  • Visual review
  • Run make dev-tor twice under docker, make sure it works
  • Run make dev-tor twice under podman, make sure it works (I've done this already)

Deployment

Any special considerations for deployment? n/a, dev only

Checklist

  • These changes do not require documentation

legoktm requested a review from a team as a code owner May 24, 2024 18:45
legoktm force-pushed the podman-volume branch 2 times, most recently from 9ac0808 to c9448ca May 29, 2024 15:37

deeplow (Contributor) left a comment

Thanks for finding this, at the time when I added the onion persistence I guess I did not realize podman was also supported. The solution didn't work for me so I proposed an alternative.

There's also another thing that needs to be provider-agnostic: the make clean.

Review thread on securedrop/bin/dev-shell (outdated, resolved)

legoktm (Member, Author) commented Jun 3, 2024

Thanks for the suggestion, now applied and fixed make clean as well.

deeplow (Contributor) commented Jun 4, 2024

Thanks for the fixes. I was reviewing this but got blocked by #7174.

deeplow (Contributor) commented Jul 18, 2024

> Thanks for the fixes. I was reviewing this but got blocked by #7174.

The above got resolved. However, I am having further challenges with podman, which seems to be beyond just make dev-tor, since it also fails with make dev.

Here's some truncated part of the output of USE_PODMAN=1 make dev:

```
[...]

Exposed services will be available on localhost at
Source interface: http://127.0.0.1:8080
Journalist interface: http://127.0.0.1:8081
************************************************************
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
Unable to replace /dev/random
Starting to build Rust code
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.25s
Copying libredwood.so into package

[...]
Successfully installed redwood-0.1.0
WARNING: You are using pip version 21.1.1; however, version 24.1.2 is available.
You should consider upgrading via the '/opt/venvs/securedrop-app-code/bin/python3 -m pip install --upgrade pip' command.
███ Generating securedrop/config.py...

sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
make: *** [Makefile:250: dev] Error 1
```

Do you know what could be going on? I was on a disposable debian-12 VM on Qubes. Then I installed make and podman and ran USE_PODMAN=1 make dev.

Unfortunately `podman volume` and `docker volume` are not identical,
podman will (sensibly) error if you try to create a volume that already
exists unless you pass `--ignore`, which docker doesn't support and is
only in podman 4.4+.

So we check with `$DOCKER_BIN inspect` first and only create the volume
if necessary.

And apply the same changes to `make clean` as well.

Co-authored-by: deeplow <francisco@freedom.press>
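
The check-then-create approach described in the commit message above, as an added example that is not the project's `dev-shell` code. The helper names, the `volume inspect` subcommand form, the volume name and the `fake_podman` stand-in (constructed so the script runs without a container engine) are assumptions.

```shell
#!/bin/sh
# Added example (not the project's dev-shell code). DOCKER_BIN selects the CLI.
DOCKER_BIN="${DOCKER_BIN:-docker}"

# Create the volume only if inspect reports it missing. This avoids both
# podman's "already exists" error and the --ignore flag docker lacks.
ensure_volume() {
    if "$DOCKER_BIN" volume inspect "$1" >/dev/null 2>&1; then
        return 0
    fi
    "$DOCKER_BIN" volume create "$1" >/dev/null
}

# Assumed counterpart for a clean step: remove only if present.
remove_volume() {
    if "$DOCKER_BIN" volume inspect "$1" >/dev/null 2>&1; then
        "$DOCKER_BIN" volume rm "$1" >/dev/null
    fi
}

# Constructed stand-in for podman so this runs offline: like podman, its
# "volume create" fails when the name is already taken.
FAKE_STORE=$(mktemp -d)
fake_podman() {
    [ "$1" = volume ] || return 125
    case "$2" in
        inspect) [ -e "$FAKE_STORE/$3" ] ;;
        create)
            if [ -e "$FAKE_STORE/$3" ]; then
                echo "Error: volume $3 already exists" >&2
                return 125
            fi
            : > "$FAKE_STORE/$3"; echo "$3" ;;
        rm) rm "$FAKE_STORE/$3" ;;
        *) return 125 ;;
    esac
}

# Run setup twice and cleanup twice against the stand-in; every call must succeed.
run_twice() {
    DOCKER_BIN=fake_podman
    ensure_volume "$1" && ensure_volume "$1" &&
        remove_volume "$1" && remove_volume "$1"
}

run_twice example-volume && echo "idempotent under the podman stand-in"
```
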

deeplow (Contributor) left a comment

LGTM. Approving based on visual inspection alone since I can't seem to run this. This is a minor dev-facing (non-default) option, so I'd say this can be fine.

However, it would be nice if someone else could test:

  • Run make dev-tor twice under docker, make sure it works
  • Run make dev-tor twice under podman, make sure it works (I've done this already)
