[PATCH 0/3] kas-container: Make podman default for isar-rootless builds


Jan Kiszka

Jun 18, 2026, 11:30:03 AM
to kas-...@googlegroups.com, Felix Moessbauer
Refactorings and this new default for the new build mode so that the
most secure option is preferred in the absence of other preferences.

Jan

Jan Kiszka (3):
kas-container: Append extra runtime args late
kas-container: Move container engine after build system
detection/check
kas-container: Prefer podman over docker when the build system is
isar-rootless

kas-container | 62 ++++++++++++++++++++++++++-------------------------
1 file changed, 32 insertions(+), 30 deletions(-)

--
2.47.3

Jan Kiszka

Jun 18, 2026, 11:30:04 AM
to kas-...@googlegroups.com, Felix Moessbauer
From: Jan Kiszka <jan.k...@siemens.com>

For the new build system mode "isar-rootless", the daemon-less podman is
clearly the best option. As we have no pre-existing users for that mode,
use podmand as default, rather than docker. This eases the transition to
more secure build setups: docker remains default for legacy builds, but
you can already install podman in parallel and use it automatically when
doing isar-rootless builds.

Signed-off-by: Jan Kiszka <jan.k...@siemens.com>
---
kas-container | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/kas-container b/kas-container
index 3e90326..e47db45 100755
--- a/kas-container
+++ b/kas-container
@@ -552,7 +552,11 @@ fi
KAS_CONTAINER_ENGINE="${KAS_CONTAINER_ENGINE:-${KAS_DOCKER_ENGINE}}"
if [ -z "${KAS_CONTAINER_ENGINE}" ]; then
# Try to auto-detect a container engine
- if command -v docker >/dev/null 2>&1 && docker -v 2>/dev/null | grep -q '^Docker'; then
+ # Defaults if there are multiple options:
+ # podman if build system is isar-rootless, docker otherwise
+ if [ "${BUILD_SYSTEM}" = "isar-rootless" ] && command -v podman >/dev/null 2>&1; then
+ KAS_CONTAINER_ENGINE=podman
+ elif command -v docker >/dev/null 2>&1 && docker -v 2>/dev/null | grep -q '^Docker'; then
KAS_CONTAINER_ENGINE=docker
elif command -v podman >/dev/null 2>&1; then
KAS_CONTAINER_ENGINE=podman
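Review bot: In the new first branch, an isar-rootless build on a host without podman falls through silently to the "elif command -v docker ..." branch, so the user ends up on the daemon-based engine with no hint that the preferred one was missing. Consider printing a warning when docker gets auto-selected while BUILD_SYSTEM is "isar-rootless", so the less secure fallback is a visible choice rather than an accident. The test on BUILD_SYSTEM also only works because of the reordering in the earlier patch of this series ("Move container engine after build system detection/check"); a sentence in the commit message stating that dependency would help anyone backporting this patch alone. If the auto-detection order is documented anywhere, it needs the same update, since this patch touches only kas-container.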
--
2.47.3

MOESSBAUER, Felix

Jun 18, 2026, 12:40:46 PM
to Kiszka, Jan, kas-...@googlegroups.com
On Thu, 2026-06-18 at 17:29 +0200, Jan Kiszka wrote:
> From: Jan Kiszka <jan.k...@siemens.com>
>
> For the new build system mode "isar-rootless", the daemon-less podman is
> clearly the best option. As we have no pre-existing users for that mode,
> use podmand as default, rather than docker. This eases the transition to
------------^ typo

The change itself is fine.

Felix
