Podman 3.4.4 is not compatible with bind mounts to intermediate containers

[prydom]

I get this error (https://github.com/prydom/my-ostree-build/actions/runs/11166346985/job/31040135532#step:3:2977):

[17:06:17 g.i/p/fedora-kinoite-laptop:br-switch-to-podman-42] => Error: error building at STEP "RUN --mount=type=bind,from=stage-keys,src=/keys,dst=/tmp/keys mkdir -p /etc/pki/containers/   mkdir -p /usr/etc/pki/containers/   && cp /tmp/keys/* /etc/pki/containers/   && cp /tmp/keys/* /usr/etc/pki/containers/   && ostree container commit": error resolving mountpoints for container "db9be687a794c40947584f6e5fc808d1a98ae7fc0d05ef4b76c81a6043496258": invalid mount type "bind"
[17:06:17 ERROR] => Failed:
  × Failed to build ghcr.io/prydom/fedora-kinoite-laptop:br-switch-to-podman-
  │ 42

~~This is somewhat annoying since Podman 4.9.3 is what is shipping with Ubuntu 24.04 LTS. I'm not sure we can do anything about this on Bluebuild's side but I did want to create an issue in case someone searches for a solution.~~

EDIT: This was silly user error. I thought that ubuntu-latest had already switched over to 24.04. See https://github.com/blue-build/cli/issues/235#issuecomment-2392336527 if you need to get this working on Ubuntu 22.04 (ubuntu-latest runner as of 2024-10-03)

Feel free to close this if there's nothing to do or discuss.

Workaround

I use the following in my Github Actions.

Note that ghcr.io/prydom/ostree-buildroot is just a fedora container with the tools needed to use bluebuild installed, see https://github.com/prydom/my-ostree-build/blob/main/buildroot/Containerfile.rawhide.

    container:
      image: ghcr.io/prydom/ostree-buildroot:rawhide
      options: --privileged
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Build Custom Image
        uses: ./.github/actions/bluebuild
        with:
          recipe: ${{ matrix.recipe }}
          cosign_private_key: ${{ secrets.SIGNING_SECRET }}
          registry_token: ${{ github.token }}
          pr_event_number: ${{ github.event.number }}
          use_unstable_cli: true

[gmpinder]

Wait did they remove support for bind mounts?!?! There's a requirement for podman version >=4 because that was the version that added it in.

[prydom]

I'm not sure what's going on. My Fedora container has version 5.2.3 (https://packages.fedoraproject.org/pkgs/podman/podman/) so there must be a regression.

[gmpinder]

Looks like that job was running on a 22.04 VM https://github.com/prydom/my-ostree-build/actions/runs/11166346985/job/31040135532#step:1:4

This doesn't have the correct version of podman installed. Looks like ubuntu-latest is set to change to 24.04 on Oct. 30th.

If you want faster build times you can add this to your action to install a newer version of podman (this is what we do for our action if using the squash feature):

    # Installs the latest version of Podman
    # that is compatible with BlueBuild
    - name: Setup Podman
      shell: bash
      run: |
        # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04
        ubuntu_version='22.04'
        key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key"
        sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}"
        echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list
        curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
        sudo apt-get update
        sudo apt-get install -y podman

[prydom]

Ah good catch. I thought latest had already swapped over. I've verified it does indeed work fine if you use a correct runner image with Ubuntu 24.04. :blush: