04 Feb 2021, 22:00

Podman Notes

more niche container system usage notes

Podman is a great alternative to docker for your laptop- it’s daemonless, so when you aren’t using it, it’s not wrecking your damn battery. It also doesn’t require sudo, which feels pretty nice.

wait why doesn’t this work?

Hurl in --log-level=debug anywhere to figure out why things go bad. The logs are good!

pull from dockerhub by default

Update your registries.conf-

$ cat ~/.config/containers/registries.conf
[registries.search]
registries = ['docker.io']

[registries.insecure]
registries = ['docker.io']

Insecure, as far as I can tell, is about the Notary vs GPG schism- Docker went with an experimental new system called Notary, Red Hat has always used GPG and continues to use GPG, and DockerHub images are not GPG signed.

It’s all kind of dumb, to be honest- the real protection is from TLS. I am not going to try and work through random third party’s adventures with key management.

rejected by policy error on pull

Error: Source image rejected: Running image docker://ubuntu:latest is rejected by policy.

or you know, whatever

My default policy.json-

$ cat /etc/containers/policy.json
{
    "default": [
        {
            "type": "reject"
        }
    ],

That’s quite a policy!

You can fix this in a local override, easy peasy-

$ cat ~/.config/containers/policy.json
{
    "default": [
        {
            "type": "insecureAcceptAnything"
        }
    ],
    "transports":
    {
        "docker-daemon":
        {
            "": [{"type":"insecureAcceptAnything"}]
        }
    }
}

I feel very… secure now… I think.