podman machine start cannot find gvproxy when brew is not installed in the standard directory

[carlos-algms]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

It is not possible to run podman machine start when brew is not installed in the default location.

Steps to reproduce the issue:

1. Install brew on your user directory, as described in the official docs:
   mkdir ~/homebrew && curl -L https://github.com/Homebrew/brew/tarball/master | tar xz --strip 1 -C ~/homebrew

2. Install podman

brew install podman
podman machine init
podman machine start 

Describe the results you received:

podman machine start returns:

Error: unable to start host networking: 
"could not find \"gvproxy\" in one of 
[
  /usr/local/opt/podman/libexec 
  /opt/homebrew/bin /opt/homebrew/opt/podman/libexec 
  /usr/local/bin /usr/local/libexec/podman 
  /usr/local/lib/podman 
  /usr/libexec/podman 
  /usr/lib/podman
]"

Describe the results you expected:
Podman should be able to find its install location and pick up the gvproxy bin inside its libexec folder.

I can confirm that gvproxy IS inside ~/homebrew/Cellar/podman/3.4.1/libexec/ folder.

Output of podman version:

Cannot connect to Podman ....

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):
MacOS Big Sur 11.3.1

[Luap99]

see #11960
I think this should be reported against homebrew, there is no way that podman can know about custom install locations.
@ashley-cui PTAL

[carlos-algms]

I reported it here because I thought it was podman installing and executing gvproxy as a dependency under the libexec folder.

As it is only located inside podman's installation folder: ~/homebrew/Cellar/podman/3.4.1/libexec/

[ashley-cui]

gvproxy is installed by homebrew as a dependency in the podman libexec folder. homebrew does not recommend installing in another directory, and in the docs there is a warning that things may break when homebrew is installed in another place.

[carlos-algms]

I know, but gvproxy is the only missing part, if I link it to one of the paths podman listed that it is looking for it, everything works as expected.

Can it then be a new feature?
Where podman just reads its realpath and look for gvproxy in one more folder?
Its own libexec folder?

It would be great for people that do not have root access, as it is blocked by the Enterprise restrictions, so installing in other places is the only alternative.

Thanks.

[ashley-cui]

@afbjorklund for most places, it would link to $HOMEBREW_PREFIX/bin or $HOMEBREW_PREFIX/lib, but libexec is special in Homebrew, it doesn't get linked to the homebrew prefix

[afbjorklund]

Unfortunately, it looks like the formula is broken.

    resource("gvproxy").stage do
      system "make", "gvproxy"
      libexec.install "bin/gvproxy"
    end

It installs under #{prefix}/libexec/gvproxy

It was supposed to be in a "podman" subdirectory ?

So those hardcoded paths are all wrong:

	// Homebrew install paths
	"/usr/local/opt/podman/libexec",
	"/opt/homebrew/bin",
	"/opt/homebrew/opt/podman/libexec",
	"/usr/local/bin",

Or at least different to the normal ones:

	"/usr/local/libexec/podman",
	"/usr/local/lib/podman",
	"/usr/libexec/podman",
	"/usr/lib/podman",

Maybe other binaries go straight into libexec...

---

Then again, upstream is even worse:

make: *** No rule to make target 'install'.  Stop.

So I guess it needs to be "translated":

--- a/Formula/podman.rb
+++ b/Formula/podman.rb
@@ -37,6 +37,9 @@ class Podman < Formula
   def install
     os = OS.kernel_name.downcase
 
+    inreplace "vendor/github.com/containers/common/pkg/config/config_linux.go", "/usr/local/libexec/podman", libexec
+    inreplace "vendor/github.com/containers/common/pkg/config/config_darwin.go", "/usr/local/libexec/podman", libexec
+
     system "make", "podman-remote-#{os}"
     if OS.mac?
       bin.install "bin/#{os}/podman" => "podman-remote"

Then the hardcoded paths aren't needed.

@@ -17,12 +17,6 @@
 }
 
 var defaultHelperBinariesDir = []string{
-       // Homebrew install paths
-       "/usr/local/opt/podman/libexec",
-       "/opt/homebrew/bin",
-       "/opt/homebrew/opt/podman/libexec",
-       "/usr/local/bin",
-       // default paths
        "/usr/local/libexec/podman",
        "/usr/local/lib/podman",
        "/usr/libexec/podman",

[ashley-cui]

#{prefix} is /usr/local/Cellar/foo/0.1/. $HOMEBREW_PREFIX is different, it's /usr/local.
every formula in cellar is also symlinked into $HOMEBREW_PREFIX/opt/foo. The docs are pretty confusing on this, but I just verified this on my machine.

[afbjorklund]

Right, here they translate to:

HOMEBREW_PREFIX: /home/linuxbrew/.linuxbrew

prefix: /home/linuxbrew/.linuxbrew/Cellar/podman/3.4.1

And have to use podman-remote

---

It installs as a special user (with sudo), just to share precompiled binaries.

I could have installed it under /home/anders, and compiled everything...

https://docs.brew.sh/Homebrew-on-Linux

The installation script installs Homebrew to /home/linuxbrew/.linuxbrew
using sudo if possible and in your home directory at ~/.linuxbrew otherwise.

brew install --build-from-source podman

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

Where do we stand on this issue? Is it still a problem?
@ashley-cui @afbjorklund @carlos-algms WDYT?

[ashley-cui]

I don't think this is an issue that should be fixed on our end, its more of a homebrew install issue, and homebrew specifically states that some packages may break if not installed in their default location

[afbjorklund]

They forgot to patch the default config, with the current path to use.

Could try a PR (for brew), to replace the hardcoded values ?

#12161 (comment)

I guess any Linux distribution not using /usr prefix has same issue ?

---

• podman: Change hardcoded libexec path Homebrew/homebrew-core#90379

[carlos-algms]

I would say it is good for the community in general to have this fixed.
As it was pointed out, the paths are hardcoded and It would be great to have a dynamic check on the installation folder before giving up looking for executables.

I raised this ticket because if your computer is blocked by the company you work for, and you don't have admin/sudo rights, installing on a custom directory is the only option.

[afbjorklund]

You can provide your custom directory in configuration, if Homebrew and Podman doesn't want to fix their packaging

[afbjorklund]

Homebrew prefers to have their packages unpatched, so left all the unused paths in there.

/usr/local/opt/podman/libexec
/opt/homebrew/bin
/opt/homebrew/opt/podman/libexec
/usr/local/bin
/usr/local/libexec/podman -> #{HOMEBREW_PREFIX}/Cellar/#{name}/#{version}/libexec
/usr/local/lib/podman
/usr/libexec/podman
/usr/lib/podman

[carlocab]

I don't think this is an issue that should be fixed on our end, its more of a homebrew install issue

It seems weird to call this a Homebrew install issue when this is also causing problems for users who aren't even using Homebrew. See #11960 (also referenced above).

[afbjorklund]

Technically it is a problem for all "weird" installations that don't use the "usual" /usr (or /usr/local).

But there really isn't any good substitute for ./configure --prefix=$PREFIX either, so needs patching*...

* note: you can use sed, if not allowing patch

Anyway, the path locations needs to be updated:

• gvproxy (/usr/libexec/podman/gvproxy)
• catatonit (/usr/libexec/podman/catatonit)
• conmon (/usr/libexec/podman/conmon)

[bowbahdoe]

This is an issue for nix installs

[maximsmol]

as a workaround, add this to ~/.config/containers/containers.conf:

[engine]
helper_binaries_dir = [
  "{PATH_TO_GPROXY_BIN}",
  "/usr/local/libexec/podman",
  "/usr/local/lib/podman",
  "/usr/libexec/podman",
  "/usr/lib/podman",
]

on my Mac system using Nix the path is /nix/store/k92v259vn6bv0shsifxhjvavbj436906-gvproxy-0.3.0/bin
you could probably generate this via home-manager but there are other settings that get in the way

I'll work on a PR for nixpkgs soon

[afbjorklund]

It could be a problem to set one "helper" dir, if you spread the podman helpers into different packages.

On some system they have relocated them into the podman libexec, while others use a global libexec.

https://packages.debian.org/sid/catatonit
/usr/libexec/podman/catatonit ->
/usr/bin/catatonit

https://github.com/macports/macports-ports/blob/master/net/gvisor-tap-vsock/Portfile
/opt/local/libexec/gvproxy
https://github.com/macports/macports-ports/blob/master/sysutils/podman/files/patch-defaultHelperBinariesDir-for-MacPorts.diff

---

Possibly one could use symlinks, or something...

Use one podman libexec prefix, linking to the others ?

[carlocab]

@ashley-cui I think at this stage it's fairly clear that this issue isn't specific to Homebrew.

Perhaps you'd reconsider implementing a solution in this project? It seems really inefficient for your various downstream distributors to have to carry around duplicate pieces of code to work around this issue.

[ashley-cui]

@carlocab I'll bring it up with the team and see what the consensus is. I think we've gone back and forth a lot on where this gvproxy binary should live, but I can bring it up again.

[carlocab]

I don't think it's really a matter of where it should live: I think the above thread shows that that's something difficult to control.

To me, it's a matter of providing a mechanism for telling podman where gvproxy will live and documenting this. Whether this mechanism is only invoked at build-time or is also available at run-time is up to you.

[bowbahdoe]

@carlocab I will add that there is no way i have found to resolve this when installing podman via nix. Even manually telling it where gvproxy is via editing the config does not let things work

[carlocab]

@bowbahdoe something that works for us currently is to replace these lines:

podman/vendor/github.com/containers/common/pkg/config/config_darwin.go

Line 26 in 0cfb5d7

"/usr/local/libexec/podman",

podman/vendor/github.com/containers/common/pkg/config/config_linux.go

Line 40 in 0cfb5d7

"/usr/local/libexec/podman",

with the absolute path to directory we expect to contain gvproxy. You can see this here. That may or may not be something you can also do in nix, depending on when and on what the hashes used to determine the install path is computed. (I don't use nix, so I don't actually know.)

[maximsmol]

@bowbahdoe I'm guessing you tried adding my example path? If your nixpkgs is at all different you will get a different derivation and output path. You can get yours by running nix repl '<nixpkgs>' and taking the value of pkgs.gvproxy.outPath. If that's not it, would be great to see what error you are getting so we can figure out whether this is really blocking in some cases on nix

Example:

$ nix repl '<nixpkgs>'
Welcome to Nix 2.6.0. Type :? for help.

Loading '<nixpkgs>'...
Added 15937 variables.

nix-repl> pkgs.gvproxy.outPath
"/nix/store/k92v259vn6bv0shsifxhjvavbj436906-gvproxy-0.3.0"

[ashley-cui]

Alright, we'll look into a solution where a location can be set during compile-time using our makefile.

[afbjorklund]

I don't understand how Nix can work, without some PATH directory to put the symlinks in (like brew) ?

bin/podman-remote -> ../Cellar/podman/3.4.4/bin/podman-remote

Surely you don't add the installation directory for each and every little package, to the global variable ?

EDIT: Right, it was called a "user environment" (the symlink forest)

---

But the main hack is to make sure that gvisor-tap-proxy is part of the podman package, not separate.

./Cellar/podman/3.4.4/libexec/gvproxy

(brew and port decided to drop the "podman" dir)

Had it been a real program, it would already have been in the PATH and easy to find at runtime.

Here it is in the podman spec: https://src.fedoraproject.org/rpms/podman/blob/rawhide/f/podman.spec

%package gvproxy

[afbjorklund]

@ashley-cui : afaik, you already set config._installPrefix from the Makefile ?

PREFIX ?= /usr/local
BINDIR ?= ${PREFIX}/bin
LIBEXECDIR ?= ${PREFIX}/libexec
LIBEXECPODMAN ?= ${LIBEXECDIR}/podman
MANDIR ?= ${PREFIX}/share/man
SHAREDIR_CONTAINERS ?= ${PREFIX}/share/containers
ETCDIR ?= ${PREFIX}/etc

	-X $(LIBPOD)/config._installPrefix=$(PREFIX) \
	-X $(LIBPOD)/config._etcDir=$(ETCDIR) \

So need to do something similar for the helpers ($(LIBEXECPODMAN)), perhaps.

[ashley-cui]

Closed via: #13372

Example usage: make podman-remote HELPER_BINARIES_DIR=/my/location/prefix

[deadpyxel]

I'm facing the same issue on MacOs 11.6.4, attempting to get the latest version of podman up and running. I see this has been fixed but is there any special step I need to do before podman machine start?

I have installed the latest qemu but it does not have any gvproxy binary anywhere, neither can a find that binary in my system.

Everything was done using homebrew.

[maximsmol]

@deadpyxel there is always this workaround: #12161 (comment)

but you should really open an issue on the homebrew formula, it's in the hands of the package maintainers now

[deadpyxel]

I'll check that. It seems homebrew is installing the latest version, but maybe it is something with the package as you say.

Problem is that I can't apply the patch proposed since there's no gvproxy binary available.