Skip to content

Init pm#2088

Draft
AntonFomichev-Flant wants to merge 44 commits into
mainfrom
feat/pm
Draft

Init pm#2088
AntonFomichev-Flant wants to merge 44 commits into
mainfrom
feat/pm

Conversation

@AntonFomichev-Flant

@AntonFomichev-Flant AntonFomichev-Flant commented Mar 10, 2026

Copy link
Copy Markdown

Description

Flant package manager integration

Why do we need it, and what problem does it solve?

Boost Git workflow
Simplify werf templating

What is the expected result?

In plans:

  • minimized compilation
  • only relevant packages will be compiled
  • remove unnecessary builds

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: images
type: feature
summary: Switch to Flant package manager for building base images, reducing compilation time and simplifying werf templating.

@AntonFomichev-Flant AntonFomichev-Flant added this to the v1.8.0 milestone Mar 10, 2026
@AntonFomichev-Flant AntonFomichev-Flant force-pushed the feat/pm branch 14 times, most recently from 1e15bda to 854cedb Compare March 11, 2026 12:46
@AntonFomichev-Flant AntonFomichev-Flant force-pushed the feat/pm branch 4 times, most recently from 8f84fca to ced3603 Compare March 12, 2026 06:08
@AntonFomichev-Flant AntonFomichev-Flant marked this pull request as ready for review March 13, 2026 09:13
@flant-pinegal flant-pinegal force-pushed the feat/pm branch 3 times, most recently from 8b0cfb8 to 606dcd4 Compare March 26, 2026 08:11
@flant-pinegal flant-pinegal added the e2e/run Run e2e test on cluster of PR author label Mar 26, 2026
@flant-pinegal flant-pinegal self-assigned this Mar 26, 2026
@ArtemFedorov-Flant ArtemFedorov-Flant force-pushed the feat/pm branch 2 times, most recently from bfdf936 to c7cf797 Compare June 30, 2026 17:31
Switch virt-launcher-binaries stage and virt-artifact/gobuilder CGO
builds off ALT base onto builder/distroless + builder/golang-1.25.
Replace relocate_binaries.sh flow with pm install; bump base images
to container-factory v1.2.0.
Signed-off-by: Artem Fedorov <artem.fedorov@flant.com>
werf rejects two imports targeting the same /relocate path. Import
libvirt and qemu into separate dirs and merge them with cp -a in the
install step, as the previous flow did.
DVP packages/* wrappers pull mixed bases (builder/src, builder/alt
glibc 2.41), which conflicts with the distroless glibc 2.43 used by
golang-1.25 and qemu. Switch virt-artifact and gobuilder CGO builds
to pm install with base-image package names so all binaries link
against a single glibc 2.43.
golang-1.25 base ships .pc files but no pkg-config binary; cgo
libvirt bindings need it. Add pkgconf to the pm install set in
virt-artifact and gobuilder.
libvirt cgo bindings pull libssh, which needs OpenSSL 3.0 symbols
(ERR_error_string@OPENSSL_3.0.0). Add openssl/openssl-devel to the
pm install set in virt-artifact and gobuilder.
cgo only compiles against libvirt headers (+glib2 via libvirt.pc);
the rest are runtime libs linked by SONAME. curl-devel also pulled a
broken zlib2-devel dep. Keep -devel only for libvirt and glib2, the
rest as runtime packages.
golang-1.25 base has no git; the kubevirt build applies patches with
git apply. Add git to the pm install set.
The distroless builder has no glibc in system paths, so setcap from
the libcap pm package cannot resolve libc.so.6/libcap.so.2. Invoke it
through ld-linux with an explicit library-path pointing into /relocate.
node-labeller (glibc 2.43, pulls libvirt.so.0 -> libxml2.so.16) failed
on the base-alt virt-handler which ships libxml2.so.2. Move the -bins
stage to distroless + pm install so libvirt and its libxml2.so.16 come
from one glibc 2.43 set. nftables/jansson have no pm packages yet and
are imported from the DVP packages/* wrappers as a stopgap.
node-labeller (Go+cgo, no RUNPATH) crashlooped in the virt-launcher
initContainer of the virt-handler pod: libxml2.so.16 not found. pm
spreads libs across /usr/lib and /usr/lib64 but the gnu-glibc
ld.so.cache only indexes glibc paths. Run ldconfig -r /relocate in the
binaries stage so the cache covers both libdirs; -r writes
root-relative paths that resolve once /relocate becomes /. Also take
libnftnl/libmnl from pm instead of the DVP wrappers.
dvcr-importer (cgo) links libnbd.so.0 but libnbd was only in the builder
deps, not the -bins runtime set, so it crashed at startup and CVI
provisioning hung. Add libnbd + gnu-glibc to the runtime set and run
ldconfig -r /relocate so the split /usr/lib+/usr/lib64 layout resolves.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants