taylormonacelli · August 15, 2021 02:56
diff --git a/podman_install_step10.sh b/podman_install_step10.sh
 #!/bin/bash

 # install amazon-linux-extras

 yum -y update
 yum -y install amazon-linux-extras
 /usr/bin/amazon-linux-extras
diff --git a/podman_install_step20.sh b/podman_install_step20.sh
 #!/bin/bash

 # install epel-release

 PYTHON=python2 /usr/bin/amazon-linux-extras enable epel
 yum -y install epel-release
diff --git a/podman_install_step30.sh b/podman_install_step30.sh
 #!/bin/bash

 # copied directly from https://github.com/containers/podman/issues/8888#issuecomment-764997428

 sudo amazon-linux-extras disable docker
 sudo amazon-linux-extras install -y kernel-ng

 sudo yum check-update
 sudo yum install -y yum-utils yum-plugin-copr

 # this failed for me unless i switch back to root:
 sudo cat <<EOF > /etc/yum.repos.d/devel\:kubic\:libcontainers\:stable.repo
 [devel_kubic_libcontainers_stable]
 name=Stable Releases of Upstream github.com/containers packages (CentOS_7)
 type=rpm-md
 baseurl=https://provo-mirror.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/
 gpgcheck=0
 gpgkey=https://provo-mirror.opensuse.org/devel:/kubic:/libcontainers:/stable/CentOS_7/repodata/repomd.xml.key
 enabled=1
 EOF

 sudo yum copr enable -y lsm5/container-selinux

 sudo yum check-update
 sudo yum install -y podman slirp4netns

 test ! -f /etc/containers/seccomp.json && \
  sudo wget https://raw.githubusercontent.com/docker/labs/master/security/seccomp/seccomp-profiles/default.json -O /etc/containers/seccomp.json

 sudo grubby --update-kernel=ALL \
   --args="systemd.unified_cgroup_hierarchy=1 namespace.unpriv_enable=1 user_namespace.enable=1"

 echo "user.max_user_namespaces=10000" | sudo tee /etc/sysctl.d/98-userns.conf

 echo "$(id -un):100000:65536" | sudo tee -a /etc/subuid
 echo "$(id -un):100000:65536" | sudo tee -a /etc/subgid

 sudo yum install -y git-core autoconf gettext-devel automake libtool libxslt byacc libsemanage-devel

 mkdir -pv ~/src && cd ~/src
 git clone https://github.com/shadow-maint/shadow shadow-utils
 cd shadow-utils
 ./autogen.sh --prefix=/usr/local
 make -j $(nproc)

 sudo cp src/newgidmap src/newuidmap /usr/local/bin/

 sudo setcap cap_setuid+ep /usr/local/bin/newuidmap
 sudo setcap cap_setgid+ep /usr/local/bin/newgidmap
diff --git a/podman_install_step40.sh b/podman_install_step40.sh
 #!/bin/bash

 # copied directly from https://github.com/containers/podman/issues/8888#issuecomment-764997428

 podman system migrate
 podman version
 podman run hello-world:latest
	#!/bin/bash

	# install amazon-linux-extras

	yum -y update
	yum -y install amazon-linux-extras
	/usr/bin/amazon-linux-extras
	#!/bin/bash

	# install epel-release

	PYTHON=python2 /usr/bin/amazon-linux-extras enable epel
	yum -y install epel-release
	#!/bin/bash

	# copied directly from https://github.com/containers/podman/issues/8888#issuecomment-764997428

	sudo amazon-linux-extras disable docker
	sudo amazon-linux-extras install -y kernel-ng

	sudo yum check-update
	sudo yum install -y yum-utils yum-plugin-copr

	# this failed for me unless i switch back to root:
	sudo cat <<EOF > /etc/yum.repos.d/devel\:kubic\:libcontainers\:stable.repo
	[devel_kubic_libcontainers_stable]
	name=Stable Releases of Upstream github.com/containers packages (CentOS_7)
	type=rpm-md
	baseurl=https://provo-mirror.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/
	gpgcheck=0
	gpgkey=https://provo-mirror.opensuse.org/devel:/kubic:/libcontainers:/stable/CentOS_7/repodata/repomd.xml.key
	enabled=1
	EOF

	sudo yum copr enable -y lsm5/container-selinux

	sudo yum check-update
	sudo yum install -y podman slirp4netns

	test ! -f /etc/containers/seccomp.json && \
	sudo wget https://raw.githubusercontent.com/docker/labs/master/security/seccomp/seccomp-profiles/default.json -O /etc/containers/seccomp.json

	sudo grubby --update-kernel=ALL \
	--args="systemd.unified_cgroup_hierarchy=1 namespace.unpriv_enable=1 user_namespace.enable=1"

	echo "user.max_user_namespaces=10000" \| sudo tee /etc/sysctl.d/98-userns.conf

	echo "$(id -un):100000:65536" \| sudo tee -a /etc/subuid
	echo "$(id -un):100000:65536" \| sudo tee -a /etc/subgid

	sudo yum install -y git-core autoconf gettext-devel automake libtool libxslt byacc libsemanage-devel

	mkdir -pv ~/src && cd ~/src
	git clone https://github.com/shadow-maint/shadow shadow-utils
	cd shadow-utils
	./autogen.sh --prefix=/usr/local
	make -j $(nproc)

	sudo cp src/newgidmap src/newuidmap /usr/local/bin/

	sudo setcap cap_setuid+ep /usr/local/bin/newuidmap
	sudo setcap cap_setgid+ep /usr/local/bin/newgidmap
	#!/bin/bash

	# copied directly from https://github.com/containers/podman/issues/8888#issuecomment-764997428

	podman system migrate
	podman version
	podman run hello-world:latest