[Rpm-maint] [rpm-software-management/rpm] RFE: Standardize on OCI images for test-suite, even locally (Issue #2643)

Michal Domonkos notifications at github.com
Thu Sep 7 14:11:07 UTC 2023


To summarize again, these are our options to resolve the ticket:

### 1) No change, keep the native & podman backends

Image building:
* Done by a host specific script, typically with a native package manager (DNF/Zypper/...)

Container layering:
* Host and per-test isolation is done with Bubblewrap & OverlayFS

Pros:
* Iterative `make shell` development, without needing to throw the container away on each rebuild
* Ability to reuse the same DNF/Zypper/... wrapper for managing software in the test tree in `make env`
* Pristine image with no pre-existing RPM artifacts or unwanted software
* Separate backends optimized for different use cases (native development vs. portability)

Cons:
* Possibly more maintenance due to the use of the native package manager
* More complicated to support other hosts natively (e.g. OpenSUSE)

### 2) Use an OCI base image

Image building:
* Done by Podman/Docker using a host specific Dockerfile

Container layering:
* Host and per-test isolation is done with Bubblewrap & OverlayFS

Pros:
* Standard base image format
* Easier to support other hosts

Cons:
* Less convenient `make env` (no host specific package manager wrapper, needs manual use, e.g. `dnf --installroot=$RPMTEST` works but is not optimal, needs more options for local cache reuse or to suppress warnings, all of which is part of `mktree.fedora` already)
* Less control over the base image (still tweakable through the Dockerfile but more work)
* Additional dependency on the host (Podman/Docker)

### 3) Use OCI for full image & container management

Image building:
* Done by Podman/Docker using a host specific Dockerfile

Container layering:
* Host isolation is done by Podman/Docker natively (`podman run`)
* Per-test isolation is done with Bubblewrap & OverlayFS

Pros:
* Single dependency on the host (Podman or Docker)
* Same stack locally and in CI

Cons:
* Less convenient and more complex `make env` (mounting `$RPMTEST` would require a different containerization stack than what's used in the test-suite)
* Much less useful `make shell` (user changes to the container are dropped on each RPM rebuild)
* Docker is missing a lot features, e.g. no equivalent for `podman image mount` or `podman unshare`

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2643#issuecomment-1710226738
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/2643/1710226738 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20230907/ef9410b4/attachment.html>


More information about the Rpm-maint mailing list