feat: Default to Podman Socket

Update s2i's defaults to inspect the host system for Podman sockets.
Podman socket provides support for the Docker v1.40 API, which meets
s2i's needs. The logic looks for the podman socket in the following
order:

1. Rootless podman socket
2. Root podman socket
3. Docker socket

If none are found, the default falls back to the docker socket. As
before, the `--url` and `DOCKER_HOST` environment variables can
override the container engine socket location.

Signed-off-by: Adam Kaplan <[email protected]>

Author: adambkaplan

pkg/docker/util.go

@@ -30,7 +30,8 @@ var (
 	log = utillog.StderrLog
 
 	// DefaultEntrypoint is the default entry point used when starting containers
-	DefaultEntrypoint = []string{"/usr/bin/env"}
+	DefaultEntrypoint   = []string{"/usr/bin/env"}
+	DefaultPodmanSocket = filepath.Join("/run", "podman", "podman.sock")
 )
 
 // AuthConfigurations maps a registry name to an AuthConfig, as used for
@@ -434,7 +435,7 @@ func GetDefaultDockerConfig() *api.DockerConfig {
 	cfg := &api.DockerConfig{}
 
 	if cfg.Endpoint = os.Getenv("DOCKER_HOST"); cfg.Endpoint == "" {
-		cfg.Endpoint = client.DefaultDockerHost
+		cfg.Endpoint = GetDefaultContainerEngineHost()
 	}
 
 	certPath := os.Getenv("DOCKER_CERT_PATH")
@@ -457,6 +458,36 @@ func GetDefaultDockerConfig() *api.DockerConfig {
 	return cfg
 }
 
+// GetDefaultContainerEngineHost returns a default container engine socket address. It checks the
+// following locations for a container engine socket:
+//
+// 1. Rootless podman socket: unix://$XDG_RUNTIME_DIR/podman/podman.sock
+// 2. "Rootful" podman socket: unix:///run/podman/podman.sock
+// 3. Docker socket: unix:///var/run/docker.sock
+func GetDefaultContainerEngineHost() string {
+	podmanSockets := []string{}
+
+	// Podman socket provides a unix socket that is directly compatible with Docker
+	// There are two modes the socket can be provided:
+	//
+	// 1) "rootless" - runs as nonroot, with socket at $XDG_RUNTIME_DIR/podman/podman.sock
+	// 2) "rootful" - runs as root, with socket at /run/podman/podman.sock
+
+	if runtimeDir, ok := os.LookupEnv("XDG_RUNTIME_DIR"); ok {
+		podmanSockets = append(podmanSockets, filepath.Join(runtimeDir, "podman", "podman.sock"))
+	}
+	podmanSockets = append(podmanSockets, DefaultPodmanSocket)
+
+	for _, socket := range podmanSockets {
+		if _, err := os.Stat(socket); err == nil {
+			return fmt.Sprintf("unix://%s", socket)
+		}
+	}
+
+	// Fall back to default docker socket.
+	return client.DefaultDockerHost
+}
+
 // GetAssembleUser finds an assemble user on the given image.
 // This functions receives the config to check if the AssembleUser was defined in command line
 // If the cmd is blank, it tries to fetch the value from the Builder Image defined Label (assemble-user)

pkg/docker/util_test.go

@@ -1,9 +1,12 @@
 package docker
 
 import (
+	"fmt"
 	"os"
+	"path/filepath"
 	"testing"
 
+	"github.com/docker/docker/client"
 	"github.com/openshift/source-to-image/pkg/api"
 	"github.com/openshift/source-to-image/pkg/api/constants"
 	"github.com/openshift/source-to-image/pkg/util/user"
@@ -233,14 +236,17 @@ func TestGetDefaultDockerConfig(t *testing.T) {
 		},
 	}
 	for _, tc := range tests {
+		oldXdgRuntimeDir := os.Getenv("XDG_RUNTIME_DIR")
 		oldHost := os.Getenv("DOCKER_HOST")
 		oldCertPath := os.Getenv("DOCKER_CERT_PATH")
 		oldTLSVerify := os.Getenv("DOCKER_TLS_VERIFY")
 		oldTLS := os.Getenv("DOCKER_TLS")
+		os.Setenv("XDG_RUNTIME_DIR", "")
 		os.Setenv("DOCKER_HOST", tc.envHost)
 		os.Setenv("DOCKER_CERT_PATH", tc.envCertPath)
 		os.Setenv("DOCKER_TLS_VERIFY", tc.envTLSVerify)
 		os.Setenv("DOCKER_TLS", tc.envTLS)
+		defer os.Setenv("XDG_RUNTIME_DIR", oldXdgRuntimeDir)
 		defer os.Setenv("DOCKER_HOST", oldHost)
 		defer os.Setenv("DOCKER_CERT_PATH", oldCertPath)
 		defer os.Setenv("DOCKER_TLS_VERIFY", oldTLSVerify)
@@ -262,6 +268,79 @@ func TestGetDefaultDockerConfig(t *testing.T) {
 	}
 }
 
+func TestGetDefaultContainerEngineHost(t *testing.T) {
+
+	tmpDir, err := os.MkdirTemp("", "s2i-container-engine-host-*")
+	if err != nil {
+		t.Fatalf("failed to create xdg temp dir: %v", err)
+	}
+
+	testCases := []struct {
+		name               string
+		xdgRuntimeDir      string
+		createPodmanSocket bool
+		expectedHost       string
+	}{
+		{
+			name:               "rootless podman - socket exists",
+			xdgRuntimeDir:      tmpDir,
+			createPodmanSocket: true,
+			expectedHost:       fmt.Sprintf("unix://%s", filepath.Join(tmpDir, "podman", "podman.sock")),
+		},
+		{
+			name:               "rootless podman - socket does not exist",
+			xdgRuntimeDir:      tmpDir,
+			createPodmanSocket: false,
+			expectedHost:       client.DefaultDockerHost,
+		},
+		{
+			name:         "docker default",
+			expectedHost: client.DefaultDockerHost,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			oldXdgDir := os.Getenv("XDG_RUNTIME_DIR")
+			os.Setenv("XDG_RUNTIME_DIR", tc.xdgRuntimeDir)
+			defer os.Setenv("XDG_RUNTIME_DIR", oldXdgDir)
+
+			socketCreated := false
+			socketPath := filepath.Join(tc.xdgRuntimeDir, "podman", "podman.sock")
+			if tc.createPodmanSocket {
+
+				if _, err := os.Stat(socketPath); err != nil {
+					if err := os.MkdirAll(filepath.Dir(socketPath), 0750); err != nil {
+						t.Fatalf("failed to create socket directory: %v", err)
+					}
+					file, err := os.Create(socketPath)
+					if err != nil {
+						t.Fatalf("failed to create default podman socket: %v", err)
+					}
+					defer func() {
+						if closeErr := file.Close(); closeErr != nil {
+							t.Errorf("failed to close file: %v", closeErr)
+						}
+					}()
+					socketCreated = true
+				}
+			}
+
+			engineHost := GetDefaultContainerEngineHost()
+			if tc.expectedHost != engineHost {
+				t.Errorf("expected container host %s; got %s", tc.expectedHost, engineHost)
+			}
+
+			if socketCreated {
+				if err := os.RemoveAll(filepath.Dir(socketPath)); err != nil {
+					t.Errorf("failed to clean up podman socket: %v", err)
+				}
+			}
+
+		})
+	}
+}
+
 func TestGetAssembleUser(t *testing.T) {
 	testCases := []struct {
 		name              string