Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nerdctl: init at 0.2.0 #106546

Merged
merged 1 commit into from Dec 13, 2020
Merged

nerdctl: init at 0.2.0 #106546

merged 1 commit into from Dec 13, 2020

Conversation

06kellyjac
Copy link
Member

@06kellyjac 06kellyjac commented Dec 10, 2020
edited

Motivation for this change

Package nerdctl

There is nerdctl-unwrapped which is as-is, and nerdctl which is wrapped with cni-plugins and buildkit to allow for networking and building containers.

Since there is nerdctl and nerdctl-unwrapped let me know if I need to change my commit message to fit contributing

https://github.com/AkihiroSuda/nerdctl#install

I'm not sure why podman and cri-o can get away with cni-plugins just being arguments & not even in the PATH.
https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/podman/wrapper.nix#L13
https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/virtualization/cri-o/wrapper.nix#L11
@adisbladis @zowoq

nerdctl will explicitly look for several cni-plugins binaries in /opt/cni/bin which is overridden with the env var CNI_PATH in the wrapped version.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS (x86_64)
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@06kellyjac
Copy link
Member Author

Result of nixpkgs-review pr 106546 run on x86_64-linux 1

2 packages built:
  • nerdctl
  • nerdctl-unwrapped

@ofborg ofborg bot requested a review from kalbasit December 10, 2020 12:41
@zowoq
Copy link
Contributor

zowoq commented Dec 10, 2020

I'm not sure why podman and cri-o can get away with cni-plugins just being arguments & not even in the PATH.

Both get cni-plugins from their module, the wrappers are only used for things they can find in $PATH without needing to set any config. We could set the path to cni-plugins in the wrapper but neither of them will work without enabling the module (or doing some manual setup on non-NixOS) anyway.

zowoq
zowoq reviewed Dec 10, 2020
View reviewed changes
pkgs/applications/networking/cluster/nerdctl/default.nix Outdated
"-w"
"-s"
"-X github.com/AkihiroSuda/nerdctl/pkg/version.Version=v${version}"
"-X github.com/AkihiroSuda/nerdctl/pkg/version.Revision=${commitSha}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A commit hash that hasn't been updated in a version bump often gets overlooked in reviews, the bot won't update it and if the revision is overridden it will be incorrect unless it is also updated to match. I'd suggest just using src.rev.

Suggested change
"-X github.com/AkihiroSuda/nerdctl/pkg/version.Revision=${commitSha}"
"-X github.com/AkihiroSuda/nerdctl/pkg/version.Revision=${src.rev}"

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tried it before but it's just the same value as ${version}

#106543

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, that's correct. Currently there isn't an easy way to get the git hash without setting it manually which then gets overlooked.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 I'm happy to leave it empty so it falls back to it's default value (<unknown>) but I can put src.rev if you'd prefer

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

src.rev is useful if the revision is overridden to point to another commit.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. I'm now specifically setting it to it's default of <unknown>

https://github.com/06kellyjac/nixpkgs/blob/nerdctl/pkgs/applications/networking/cluster/nerdctl/default.nix#L35

@06kellyjac
Copy link
Member Author

So if I understand correctly the binary itself during normal use doesn't require it but it's the module which starts the daemon that then points to the cni-plugins dir?

In this case with nerdctl I belive it needs the cni-plugins itself regardless of whether containerd is using them so adding it via the wrapper looks like the right choice

@06kellyjac
Copy link
Member Author

Result of nixpkgs-review pr 106546 run on x86_64-linux 1

2 packages built:
  • nerdctl
  • nerdctl-unwrapped

@zowoq
Copy link
Contributor

zowoq commented Dec 11, 2020

So if I understand correctly the binary itself during normal use doesn't require it but it's the module which starts the daemon that then points to the cni-plugins dir?

Neither will work at all without the module or the user doing manual setup. Besides cni-plugins they require config files hardcoded to etc/containers.

@zowoq zowoq merged commit 54121ff into NixOS:master Dec 13, 2020
@06kellyjac 06kellyjac deleted the nerdctl branch December 13, 2020 21:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zowoq zowoq zowoq left review comments

@kalbasit kalbasit Awaiting requested review from kalbasit

Assignees
No one assigned
Labels
8.has: package (new) 10.rebuild-darwin: 0 10.rebuild-linux: 1-10 10.rebuild-linux: 1 11.by: package-maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@06kellyjac @zowoq