restore rootless image builds

2024-03-13 12:11:49 +01:00 · 2024-03-13 12:11:49 +01:00 · 38859d58d0
parent a3e0f26ee4
commit 38859d58d0
2 changed files with 11 additions and 9 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -52,20 +52,18 @@ jobs:
          - DOCKER_IMAGE_FLAVOR: dind
            DOCKER_IMAGE_TAG_PREFIX: dind-
            GITEA_ACT_RUNNER_VERSION: latest
-          # https://github.com/rootless-containers/rootlesskit/issues/425
-          #- DOCKER_IMAGE_FLAVOR: dind-rootless
-          #  DOCKER_IMAGE_TAG_PREFIX: dind-rootless-
-          #  GITEA_ACT_RUNNER_VERSION: latest
+          - DOCKER_IMAGE_FLAVOR: dind-rootless
+            DOCKER_IMAGE_TAG_PREFIX: dind-rootless-
+            GITEA_ACT_RUNNER_VERSION: latest
          - DOCKER_IMAGE_FLAVOR: dood
            DOCKER_IMAGE_TAG_PREFIX: ""
            GITEA_ACT_RUNNER_VERSION: nightly
          - DOCKER_IMAGE_FLAVOR: dind
            DOCKER_IMAGE_TAG_PREFIX: dind-
            GITEA_ACT_RUNNER_VERSION: nightly
-          # https://github.com/rootless-containers/rootlesskit/issues/425
-          #- DOCKER_IMAGE_FLAVOR: dind-rootless
-          #  DOCKER_IMAGE_TAG_PREFIX: dind-rootless-
-          #  GITEA_ACT_RUNNER_VERSION: nightly
+          - DOCKER_IMAGE_FLAVOR: dind-rootless
+            DOCKER_IMAGE_TAG_PREFIX: dind-rootless-
+            GITEA_ACT_RUNNER_VERSION: nightly
      fail-fast: true

    steps:
--- a/image/Dockerfile
+++ b/image/Dockerfile
@ -135,12 +135,16 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
      # https://docs.docker.com/engine/security/rootless/
      (set -x; apt-get install --no-install-recommends -y \
        dbus-user-session \
-        docker-ce-rootless-extras \
+        `# docker-ce-rootless-extras` \
        kmod \
        iproute2 \
        slirp4netns \
        uidmap)

+      # workaround for "[rootlesskit:parent] error: failed to start the child: fork/exec /proc/self/exe: operation not permitted"
+      # see https://github.com/rootless-containers/rootlesskit/issues/425
+      (set -x; apt-get install --no-install-recommends -y docker-ce-rootless-extras=5:25.0.3-1~debian.12~bookworm --allow-downgrades)
+
      (set -x; rootlesskit --version)
      (set -x; runuser -u act -g act -- /usr/bin/dockerd-rootless-setuptool.sh install --skip-iptables)