Add podman build

2022-11-11 15:23:08 -08:00 · 2022-11-11 15:23:08 -08:00 · 1772f78aa9
parent 438c459ca5
commit 1772f78aa9
9 changed files with 940 additions and 11 deletions
--- a/15
+++ b/15
@ -14,19 +14,27 @@ rebuild:
 	rm -rf $(BUILD)
 	$(MAKE) all

-clean:
+clean: $(CONTAINER_TAG)
+ifeq ($(PODMAN_BUILD),1)
+	$(PODMAN_RUN) $(MAKE) $@
+else
 	cd cookbook && ./clean.sh
 	cargo clean --manifest-path cookbook/pkgutils/Cargo.toml
 	cargo clean --manifest-path installer/Cargo.toml
 	cargo clean --manifest-path redoxfs/Cargo.toml
 	cargo clean --manifest-path relibc/Cargo.toml
+endif
 	-$(FUMOUNT) $(BUILD)/filesystem/ || true
 	-$(FUMOUNT) /tmp/redox_installer/ || true
 	rm -rf $(BUILD)

-distclean:
+distclean: $(CONTAINER_TAG)
+ifeq ($(PODMAN_BUILD),1)
+	$(PODMAN_RUN) $(MAKE) $@
+else
 	$(MAKE) clean
 	cd cookbook && ./unfetch.sh
+endif

 pull:
 	git pull --recurse-submodules
@ -37,6 +45,9 @@ fetch: $(BUILD)/fetch.tag

 repo: $(BUILD)/repo.tag

+# Podman build recipes and vars
+include mk/podman.mk
+
 # Cross compiler recipes
 include mk/prefix.mk

--- a/mk/config.mk
+++ b/mk/config.mk
@ -13,6 +13,10 @@ FILESYSTEM_CONFIG?=config/$(ARCH)/desktop.toml
 FILESYSTEM_SIZE?=$(shell grep filesystem_size $(FILESYSTEM_CONFIG) | cut -d' ' -f3)
 ## Flags to pass to redoxfs-mkfs. Add --encrypt to set up disk encryption
 REDOXFS_MKFS_FLAGS?=
+## Set to 1 to enable Podman build, any other value will disable it
+PODMAN_BUILD?=0
+## The containerfile to use for the Podman base image
+CONTAINERFILE?=podman/redox-base-containerfile

 # Per host variables
 # TODO: get host arch automatically
@ -75,3 +79,11 @@ STRIP=$(TARGET)-strip
 export AR_$(subst -,_,$(TARGET))=$(TARGET)-ar
 export CC_$(subst -,_,$(TARGET))=$(TARGET)-gcc
 export CXX_$(subst -,_,$(TARGET))=$(TARGET)-g++
+
+
+## If Podman is being used, a container is required
+ifeq ($(PODMAN_BUILD),1)
+CONTAINER_TAG=build/container.tag
+else
+CONTAINER_TAG=
+endif
--- a/mk/depends.mk
+++ b/mk/depends.mk
@ -1,5 +1,8 @@
 # Dependencies

+# Don't check for Rust/Cargo if you will be using Podman
+ifneq ($(PODMAN_BUILD),1)
+
 ifeq ($(shell which rustup),)
 $(error rustup not found, install from "https://rustup.rs/")
 endif
@ -12,3 +15,5 @@ CARGO_CONFIG_VERSION=0.1.1
 ifeq ($(shell env -u RUSTUP_TOOLCHAIN cargo install --list | grep '^cargo-config v$(CARGO_CONFIG_VERSION):$$'),)
 $(error cargo-config $(CARGO_CONFIG_VERSION) not found, run "cargo install --force --version $(CARGO_CONFIG_VERSION) cargo-config")
 endif
+
+endif
--- a/mk/podman.mk
+++ b/mk/podman.mk
@ -0,0 +1,51 @@
+
+##############################################
+# podman.mk - Use Podman to build components #
+##############################################
+
+# Configuration variables for running make in Podman
+## Tag the podman image $IMAGE_TAG
+IMAGE_TAG?=redox-base
+## Working Directory in Podman
+CONTAINER_WORKDIR?=/mnt/redox
+## Podman command with its many arguments
+PODMAN_VOLUMES?=--volume "`pwd`":$(CONTAINER_WORKDIR):Z
+PODMAN_ENV?=--env PATH=/home/poduser/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin --env PODMAN_BUILD=0
+PODMAN_OPTIONS?=--rm --workdir $(CONTAINER_WORKDIR) --userns keep-id --user `id -u` --interactive
+PODMAN_RUN?=podman run $(PODMAN_OPTIONS) $(PODMAN_VOLUMES) $(PODMAN_ENV) $(IMAGE_TAG)
+
+container_shell: build/container.tag
+ifeq ($(PODMAN_BUILD),1)
+	podman run $(PODMAN_VOLUMES) $(PODMAN_OPTIONS) $(PODMAN_ENV) --tty $(IMAGE_TAG) bash
+else
+	@echo PODMAN_BUILD=$(PODMAN_BUILD), please set it to 1 in mk/config.mk
+endif
+
+container_clean: FORCE
+	rm -f build/container.tag
+	@echo "For complete clean of images and containers, use \"podman system reset\""
+	-podman image rm --force $(IMAGE_TAG) || true
+
+container_touch: FORCE
+ifeq ($(PODMAN_BUILD),1)
+	@echo If you get an error, the image does not exist. Just do a normal make.
+	podman image exists $(IMAGE_TAG)
+	touch build/container.tag
+else
+	@echo PODMAN_BUILD=$(PODMAN_BUILD), container not required.
+endif
+
+## Must match the value of CONTAINER_TAG in config.mk
+build/container.tag: $(CONTAINERFILE)
+ifeq ($(PODMAN_BUILD),1)
+	rm -f build/container.tag
+	-podman image rm --force $(IMAGE_TAG) || true
+	@echo "Building Podman image. This may take some time."
+	sed s/_UID_/`id -u`/ $(CONTAINERFILE) | podman build --file - $(PODMAN_VOLUMES) --tag $(IMAGE_TAG)
+	@echo "Mapping Podman user space. Please wait."
+	$(PODMAN_RUN) echo "Podman ready!"
+	mkdir -p build
+	touch $@
+else
+	@echo PODMAN_BUILD=$(PODMAN_BUILD), container not required.
+endif
--- a/mk/prefix.mk
+++ b/mk/prefix.mk
@ -16,7 +16,10 @@ PREFIX_STRIP=\
 		-exec strip --strip-unneeded {} ';' \
 		2> /dev/null

-$(PREFIX)/relibc-install: $(ROOT)/relibc | $(PREFIX)/rust-install
+$(PREFIX)/relibc-install: $(ROOT)/relibc | $(PREFIX)/rust-install $(CONTAINER_TAG)
+ifeq ($(PODMAN_BUILD),1)
+	$(PODMAN_RUN) $(MAKE) $@
+else
 	rm -rf "$@.partial" "$@"
 	cp -r "$(PREFIX)/rust-install" "$@.partial"
 	rm -rf "$@.partial/$(TARGET)/include/"*
@ -33,6 +36,7 @@ $(PREFIX)/relibc-install: $(ROOT)/relibc | $(PREFIX)/rust-install
 	cd "$@.partial" && $(PREFIX_STRIP)
 	touch "$@.partial"
 	mv "$@.partial" "$@"
+endif

 $(PREFIX)/relibc-install.tar.gz: $(PREFIX)/relibc-install
 	tar \
@ -77,7 +81,10 @@ $(PREFIX)/binutils: $(PREFIX)/binutils.tar.bz2
 	touch "$@.partial"
 	mv "$@.partial" "$@"

-$(PREFIX)/binutils-install: $(PREFIX)/binutils
+$(PREFIX)/binutils-install: $(PREFIX)/binutils $(CONTAINER_TAG)
+ifeq ($(PODMAN_BUILD),1)
+	$(PODMAN_RUN) $(MAKE) $@
+else
 	rm -rf "$<-build" "$@.partial" "$@"
 	mkdir -p "$<-build" "$@.partial"
 	cd "$<-build" && \
@ -93,6 +100,7 @@ $(PREFIX)/binutils-install: $(PREFIX)/binutils
 	cd "$@.partial" && $(PREFIX_STRIP)
 	touch "$@.partial"
 	mv "$@.partial" "$@"
+endif

 $(PREFIX)/gcc.tar.bz2:
 	mkdir -p "$(@D)"
@ -106,7 +114,10 @@ $(PREFIX)/gcc: $(PREFIX)/gcc.tar.bz2
 	touch "$@.partial"
 	mv "$@.partial" "$@"

-$(PREFIX)/gcc-freestanding-install: $(PREFIX)/gcc | $(PREFIX)/binutils-install
+$(PREFIX)/gcc-freestanding-install: $(PREFIX)/gcc | $(PREFIX)/binutils-install $(CONTAINER_TAG)
+ifeq ($(PODMAN_BUILD),1)
+	$(PODMAN_RUN) $(MAKE) $@
+else
 	rm -rf "$<-freestanding-build" "$@.partial" "$@"
 	mkdir -p "$<-freestanding-build"
 	cp -r "$(PREFIX)/binutils-install" "$@.partial"
@ -126,8 +137,12 @@ $(PREFIX)/gcc-freestanding-install: $(PREFIX)/gcc | $(PREFIX)/binutils-install
 	cd "$@.partial" && $(PREFIX_STRIP)
 	touch "$@.partial"
 	mv "$@.partial" "$@"
+endif

-$(PREFIX)/rust-freestanding-install: $(ROOT)/rust | $(PREFIX)/binutils-install
+$(PREFIX)/rust-freestanding-install: $(ROOT)/rust | $(PREFIX)/binutils-install $(CONTAINER_TAG)
+ifeq ($(PODMAN_BUILD),1)
+	$(PODMAN_RUN) $(MAKE) $@
+else
 	rm -rf "$(PREFIX)/rust-freestanding-build" "$@.partial" "$@"
 	mkdir -p "$(PREFIX)/rust-freestanding-build"
 	cp -r "$(PREFIX)/binutils-install" "$@.partial"
@ -153,8 +168,12 @@ $(PREFIX)/rust-freestanding-install: $(ROOT)/rust | $(PREFIX)/binutils-install
 	mv "$@.partial" "$@"
 	mkdir $@/lib/rustlib/src
 	ln -s $(ROOT)/rust $@/lib/rustlib/src
+endif

-$(PREFIX)/relibc-freestanding-install: $(ROOT)/relibc | $(PREFIX_BASE_INSTALL) $(PREFIX_FREESTANDING_INSTALL)
+$(PREFIX)/relibc-freestanding-install: $(ROOT)/relibc | $(PREFIX_BASE_INSTALL) $(PREFIX_FREESTANDING_INSTALL) $(CONTAINER_TAG)
+ifeq ($(PODMAN_BUILD),1)
+	$(PODMAN_RUN) $(MAKE) $@
+else
 	rm -rf "$@.partial" "$@"
 	mkdir -p "$@.partial"
 	cd "$<" && \
@ -166,8 +185,12 @@ $(PREFIX)/relibc-freestanding-install: $(ROOT)/relibc | $(PREFIX_BASE_INSTALL) $
 	cd "$@.partial" && $(PREFIX_STRIP)
 	touch "$@.partial"
 	mv "$@.partial" "$@"
+endif

-$(PREFIX)/gcc-install: $(PREFIX)/gcc | $(PREFIX)/relibc-freestanding-install
+$(PREFIX)/gcc-install: $(PREFIX)/gcc | $(PREFIX)/relibc-freestanding-install $(CONTAINER_TAG)
+ifeq ($(PODMAN_BUILD),1)
+	$(PODMAN_RUN) $(MAKE) $@
+else
 	rm -rf "$<-build" "$@.partial" "$@"
 	mkdir -p "$<-build"
 	cp -r "$(PREFIX_BASE_INSTALL)" "$@.partial"
@ -194,6 +217,7 @@ $(PREFIX)/gcc-install: $(PREFIX)/gcc | $(PREFIX)/relibc-freestanding-install
 	cd "$@.partial" && $(PREFIX_STRIP)
 	touch "$@.partial"
 	mv "$@.partial" "$@"
+endif

 $(PREFIX)/gcc-install.tar.gz: $(PREFIX)/gcc-install
 	tar \
@ -203,7 +227,10 @@ $(PREFIX)/gcc-install.tar.gz: $(PREFIX)/gcc-install
 		--directory="$<" \
 		.

-$(PREFIX)/rust-install: $(ROOT)/rust | $(PREFIX)/gcc-install $(PREFIX)/relibc-freestanding-install
+$(PREFIX)/rust-install: $(ROOT)/rust | $(PREFIX)/gcc-install $(PREFIX)/relibc-freestanding-install $(CONTAINER_TAG)
+ifeq ($(PODMAN_BUILD),1)
+	$(PODMAN_RUN) $(MAKE) $@
+else
 	rm -rf "$(PREFIX)/rust-build" "$@.partial" "$@"
 	mkdir -p "$(PREFIX)/rust-build"
 	cp -r "$(PREFIX)/gcc-install" "$@.partial"
@ -228,6 +255,7 @@ $(PREFIX)/rust-install: $(ROOT)/rust | $(PREFIX)/gcc-install $(PREFIX)/relibc-fr
 	cd "$@.partial" && find . -name *.old -exec rm {} ';' && $(PREFIX_STRIP)
 	touch "$@.partial"
 	mv "$@.partial" "$@"
+endif

 $(PREFIX)/rust-install.tar.gz: $(PREFIX)/rust-install
 	tar \
--- a/mk/repo.mk
+++ b/mk/repo.mk
@ -1,4 +1,7 @@
-$(BUILD)/fetch.tag: cookbook installer prefix $(FILESYSTEM_CONFIG)
+$(BUILD)/fetch.tag: cookbook installer prefix $(FILESYSTEM_CONFIG) $(CONTAINER_TAG)
+ifeq ($(PODMAN_BUILD),1)
+	$(PODMAN_RUN) $(MAKE) $@
+else
 	$(HOST_CARGO) build --manifest-path cookbook/Cargo.toml --release
 	$(HOST_CARGO) build --manifest-path installer/Cargo.toml --release
 	PACKAGES="$$($(INSTALLER) --list-packages -c $(FILESYSTEM_CONFIG))" && \
@ -6,8 +9,12 @@ $(BUILD)/fetch.tag: cookbook installer prefix $(FILESYSTEM_CONFIG)
 	./fetch.sh "$${PACKAGES}"
 	mkdir -p $(BUILD)
 	touch $@
+endif

-$(BUILD)/repo.tag: $(BUILD)/fetch.tag
+$(BUILD)/repo.tag: $(BUILD)/fetch.tag $(CONTAINER_TAG)
+ifeq ($(PODMAN_BUILD),1)
+	$(PODMAN_RUN) $(MAKE) $@
+else
 	$(HOST_CARGO) build --manifest-path cookbook/Cargo.toml --release
 	$(HOST_CARGO) build --manifest-path installer/Cargo.toml --release
 	export PATH="$(PREFIX_PATH):$$PATH" && \
@ -15,4 +22,7 @@ $(BUILD)/repo.tag: $(BUILD)/fetch.tag
 	cd cookbook && \
 	./repo.sh "$${PACKAGES}"
 	mkdir -p $(BUILD)
+	# make sure fetch.tag is newer than the things repo modifies
+	touch $<
 	touch $@
+endif
--- a/podman/README.md
+++ b/podman/README.md
@ -0,0 +1,238 @@
+# Using Rootless Podman for your build
+
+To make the Redox build process more consistent across platforms, we are using **Rootless Podman** for major parts of the build. **Podman** is invoked automatically and transparently within the Makefiles.
+
+## Disabling Podman build
+
+By default, the build process should operate as it did in the past. The variable **PODMAN_BUILD** in `mk/config.mk` defaults to zero, so that **Podman** will not be invoked.
+
+## TL;DR - [New](#new-working-directory) or [Existing](#existing-working-directory) Working Directory
+
+### New Working Directory 
+
+- Make sure you have the `curl` command. E.g. for Pop!_OS/Ubuntu/Debian:
+```sh
+which curl || sudo apt-get install curl 
+```
+- Make a directory, get a copy of `podman_bootstrap.sh` and run it. This will clone the repository and install **Podman**.
+```sh
+mkdir -p ~/tryredox
+cd ~/tryredox
+curl -sf https://gitlab.redox-os.org/redox-os/redox/raw/master/podman_bootstrap.sh -o podman_bootstrap.sh
+time bash -e podman_bootstrap.sh
+```
+- Change to the `redox` directory.
+```sh
+cd ~/tryredox/redox
+```
+- Edit `mk/config.mk` and change PODMAN_BUILD to 1.
+```sh
+gedit mk/config.mk &
+```
+```
+...
+PODMAN_BUILD?=1
+...
+```
+- Build the system.
+```sh
+time make all
+```
+
+### Existing Working Directory
+
+- Change to your working directory and get the updates to the build files.
+```sh
+cd ~/tryredox/redox
+git fetch upstream master
+git rebase upstream/master
+```
+
+- Install **Podman**. Many distros require additional packages. Check the [Minimum Installation](#minimum-installation) instructions to see what is needed for your distro. Or, run the following in your working directory:
+```sh
+./podman_bootstrap.sh -d
+```
+
+- Set `PODMAN_BUILD` to 1 and run `make`.
+```sh
+export PODMAN_BUILD=1
+make all
+```
+
+To ensure `PODMAN_BUILD` is properly set for future builds, edit `mk/config.mk` and change its value.
+```sh
+gedit mk/config.mk &
+```
+```
+...
+PODMAN_BUILD?=1
+...
+```
+
+## Minimum Installation
+
+Most of the packages required for the build are installed in the container as part of the build process. However, some packages need to be installed on the host computer. You may also need to install an emulator such as **QEMU**. This is done for you in `podman_bootstrap.sh`, but you can do a minimum install by following the instructions below.
+
+### Pop!_OS
+
+```sh
+sudo install podman
+```
+
+### Ubuntu
+
+```sh
+sudo install podman curl git make libfuse-dev
+```
+
+### ArchLinux
+
+```sh
+sudo pacman -S --needed git podman fuse
+```
+
+### Fedora
+
+```sh
+sudo dnf install podman
+```
+
+## Podman Build Overview
+
+**Podman** is a container that executes a virtual machine image. In our case, we are creating an **Ubuntu** image, with a **Rust** installation and all the packages needed to build the system.
+
+The build process is performed in your normal working directory, e.g. `~/tryredox/redox`. Compilation of the Redox components is performed in the container, but the final Redox image (`build/harddrive.img` or `build/livedisk.iso`) is constructed using [Fuse](https://github.com/libfuse/libfuse) running directly on your host machine.
+
+Setting `PODMAN_BUILD` to 1 in the environment (e.g. `PODMAN_BUILD=1 make all`) or in `mk/config.mk` will cause **Podman** to be invoked when building.
+
+First, a **base image** called `redox_base` will be constructed, with all the necessary packages for the build. A "home" directory will also be created in the image. This is the home directory of your container alter ego, `poduser`. It will contain the `rustup` install, and the `.bashrc`. This takes some time, but is only done when necessary. The *tag* file [build/container.tag](#buildcontainertag) is also created at this time to prevent unnecessary image builds.
+
+Then, various `make` commands are executed in **containers** built from the **base image**. The files are constructed in your working directory tree, just as they would for a non-Podman build. In fact, if all necessary packages are installed on your host system, you can switch Podman on and off relatively seamlessly, although there is no benefit to doing so.
+
+The build process is using **Podman**'s `keep-id` feature, which allows your regular User ID to be mapped to `poduser` in the container. The first time a container is built, it takes some time to set up this mapping. In order to minimize the impact of this, immediately after creating the image, a throw-away container is built. After the first container is built, new containers can be built almost instantly.
+
+### NOTES
+
+- Envionment and Command Line Variables are not passed to the part of `make` that is done in **Podman**. You must set any config variables in `mk/config.mk` and not on the command line or in your environment.
+
+- If you are building your own software to include in Redox, and you need to install additional packages using `apt-get` for the build, follow [Adding Packages to the Build](#adding-packages-to-the-build).
+
+## build/container.tag
+
+The building of the **image** is controlled by the *tag file* `build/container.tag`. If you run `make all` with **PODMAN_BUILD=1**, the file `build/container.tag` will be created after the **image** is built. This file tells `make` that it can skip updating the **image** after the first time.
+
+Many targets in the Makefiles `mk/*.mk` include `build/container.tag` as a dependency. If the *tag file* is missing, building any of those targets may trigger an image to be created, which can take some time.
+
+When you move to a new working directory, if you want to save a few minutes, and you are confident that your **image** is correct, you can do
+```sh
+make container_touch
+```
+This will create the file `build/container.tag`. However, it will fail if the image does not exist. If it fails, just do a normal `make`, it will create the container when needed.
+
+## Cleaning Up
+
+To remove the **base image**, any lingering containers, and `build/container.tag`, use
+```sh
+make container_clean
+```
+
+To check that everything has been removed,
+```sh
+podman ps -a
+podman images
+```
+will show any remaining images or containers. If you need to do further cleanup,
+```
+podman system reset
+```
+will remove **all** images and containers. You still may need to remove `build/container.tag` if you did not do `make container_clean`.
+
+**Note:** `make clean` invokes `cargo clean` on various components, and since the build is designed to not require **Cargo** on your host machine, it must run `cargo clean` in a container, and could trigger an image build. Also, note that `make clean` does **not** run `make container_clean` and will **not** remove the contianer image.
+
+## Debugging your Build Process
+
+If you are developing your own components and wish to do one-time debugging to determine what package you are missing in the **Podman Build** environment, the following instructions can help. Note that your changes will not be persistent. After debugging, **you must** [Add your Packages to the Build](#adding-packages-to-the-build). With **PODMAN_BUILD=1**, run the command:
+```sh
+make container_shell
+```
+
+This will start a `bash` shell in the **Podman** container environment, as a normal user without `sudo` privilege. Within that environment, you can build the Redox components with:
+```sh
+make build/repo.tag
+```
+
+If you need `root` privileges, while you are **still running** the above `bash` shell, go to a separate **Terminal** or **Console** window on the host and type:
+```sh
+podman ps
+```
+
+This will list all running containers. There should be only one, but if there is more than one, consider only the newest. In the last column of the display, the container will have a randomly generated name `ADJECTIVE_NOUN`, e.g. `boring_dickens`. Replace the word `CONTAINER` with that name and type:
+
+```sh
+podman exec --user=0 -it CONTAINER bash
+```
+
+You will then be running bash with `root` privilege in the container, and you can use `apt-get` or whatever tools you need, and it will affect the environment of the user-level `container_shell` above. Do not precede the commands with `sudo` as you are already `root`. And remember that you are in an **Ubuntu** instance.
+
+**Note**: Your changes will not persist once both shells have been exited.
+
+Type `exit` on both shells once you have determined how to solve your problem.
+
+## Adding Packages to the Build
+
+The default **Containerfile**, `podman/redox-base-containerfile`, imports all required packages for a normal Redox build.
+
+However, you cannot easily add packages after the **base image** is created. You must add them to your own Containerfile. 
+
+Copy `podman/redox-base-containerfile` and add to the list of packages in the initial `apt-get`.
+
+Then, edit `mk/config.mk`, and change the variable **CONTAINERFILE** to point to your Containerfile, e.g.
+```
+CONTAINERFILE?=podman/my-containerfile
+```
+
+If your Containerfile is newer than the **base image**, a new **base image** will be created.
+
+If you feel the need to have more than one **base image**, you can change the variable **IMAGE_TAG** in `mk/podman.mk` to give the image a different tag.
+
+## Summary of Podman-related Make Targets and Podman Commands
+
+- `make build/container.tag`: If no container image has been built, build one. It's not necessary to do this, it will be done when needed.
+
+- `make container_touch`: If a container image already exists, but there is no *tag* file, create the *tag* file so a new image is not built.
+
+- `make container_clean`: Remove the container image and the *tag* file.
+
+- `make container_shell`: Start an interactive `bash` shell in the same environment used by `make`.
+
+- `podman exec --user=0 -it CONTAINER bash`: Use this command in combination with `make container_shell` to get root access to the normal build environment, so you can temporarily add packages to the environment. `CONTAINER` is the name of the active container as shown by `podman ps`. For temporary, debugging purposes only.
+
+- `podman system reset`: Use this command when `make container_clean` is not sufficient to solve problems caused by errors in the container image. It will remove all images, use with caution. If you are using **Podman** for any other purpose, those images will be deleted as well.
+
+## Gory Details
+
+If you are interested in how we are able to use your working directory for builds in **Podman**, the following configuration details may be interesting.
+
+We are using **Rootless Podman**'s `--userns keep-id` feature. Because **Podman** is being run **Rootless**, the *container's* `root` user is actually mapped to your User ID on the host. Without the `keep-id` option, a regular user in the container maps to a phantom user outside the container. With the `keep-id` option, a user in the container that has the same User ID as your host User ID, will have the same permissions as you.
+
+During the creation of the **base image**, **Podman** invokes **Buildah**. **Buildah** does not allow User IDs to be shared between the host and the container in the same way that **Podman** does. So the **base image** is created without `keep-id`, then the first container created from the image, with `keep-id` enabled, triggers a remapping. Once that remapping is done, it is reused for each subsequent container.
+
+The working directory is made available in the container by **mounting** it as a **volume**. The **Podman** option 
+```
+--volume "`pwd`":$(CONTAINER_WORKDIR):Z
+```
+takes the directory that `make` was started in as the host working directory, and **mounts** it at the location `$CONTAINER_WORKDIR`, normally set to `/mnt/redox`. The `:Z` at the end of the name indicates that the mounted directory should not be shared between simultaneous container instances. It is optional on some Linux distros, and not optional on others.
+
+For our invocation of Podman, we set the PATH environment variable as an option to `podman run`. This is to avoid the need for our `make` command to run `.bashrc`, which would add extra complexity.
+
+We also set `PODMAN_BUILD=0` in the environment, to ensure that the instance of `make` running in the container knows not to invoke **Podman**. This overrides the value set in `mk/config.mk`.
+
+In the **Containerfile**, we use as few `RUN` commands as possible, as **Podman** commits the image after each command. And we use `CMD` rather than `ENTRYPOINT` to allow us to specify the command to run as a list of arguments, rather than just a string to be processed as a command by the entrypoint shell.
+
+Containers in our build process are run with `--rm` to ensure the container is discarded after each use. This prevents a proliferation of used containers. However, when you use `make container_clean`, you may notice multiple items being deleted. These are the partial images created as each `RUN` command is executed while building.
+
+Container images and container data is normally stored in the directory `$HOME/.local/share/containers/storage`. The command
+```sh
+podman system reset
+```
+removes that directory in its entirety. However, the contents of any **volume** are left alone.
--- a/podman/redox-base-containerfile
+++ b/podman/redox-base-containerfile
@ -0,0 +1,48 @@
+FROM ubuntu:latest
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \        
+        autoconf \
+        automake \
+        autopoint \
+        bison \
+        build-essential \
+        ca-certificates \
+        cmake \
+        curl \
+        file \
+        flex \
+        fuse \
+        genisoimage \
+        git \
+        gperf \
+        libc6-dev-i386 \
+        libexpat-dev \
+        libfuse-dev \
+        libgmp-dev \
+        libhtml-parser-perl \
+        libpng-dev \
+        libtool \
+        m4 \
+        nasm \
+        pkg-config \
+        po4a \
+        syslinux-utils \
+        texinfo \
+        libsdl1.2-dev \
+        ninja-build \
+        meson \
+        python3-mako \
+        rsync \
+        wget
+
+# _UID_ must be replaced with the user's uid on host
+RUN useradd --create-home --no-log-init --uid _UID_ poduser
+
+USER poduser
+
+RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain nightly && \
+        /home/poduser/.cargo/bin/cargo install --force --version 0.1.1 cargo-config && \
+        /home/poduser/.cargo/bin/cargo install --force --version 0.3.20 xargo
+
+CMD [ "bash", "-c"]
--- a/podman_bootstrap.sh
+++ b/podman_bootstrap.sh
@ -0,0 +1,526 @@
+#!/usr/bin/env bash
+
+##########################################################
+# This function is simply a banner to introduce the script
+##########################################################
+banner()
+{
+	echo "|------------------------------------------|"
+	echo "|----- Welcome to the redox bootstrap -----|"
+	echo "|-------- for building with Podman --------|"
+	echo "|------------------------------------------|"
+}
+
+###################################################################################
+# This function takes care of installing a dependency via package manager of choice
+# for building redox on BSDs (MacOS, FreeBSD, etc.).
+# @params:    $1 package manager
+#            $2 package name
+#            $3 binary name (optional)
+###################################################################################
+install_bsd_pkg()
+{
+    PKG_MANAGER=$1
+    PKG_NAME=$2
+    BIN_NAME=$3
+    if [ -z "$BIN_NAME" ]; then
+        BIN_NAME=$PKG_NAME
+    fi
+
+    BIN_LOCATION=$(which $BIN_NAME || true)
+    if [ -z "$BIN_LOCATION" ]; then
+        echo "$PKG_MANAGER install $PKG_NAME"
+        $PKG_MANAGER install "$PKG_NAME"
+    else
+        echo "$BIN_NAME already exists at $BIN_LOCATION, no need to install $PKG_NAME..."
+    fi
+}
+
+install_macports_pkg()
+{
+    install_bsd_pkg "sudo port" "$1" "$2"
+}
+
+install_brew_pkg()
+{
+    install_bsd_pkg "brew" $@
+}
+
+install_brew_cask_pkg()
+{
+    install_bsd_pkg "brew cask" $@
+}
+
+install_freebsd_pkg()
+{
+    install_bsd_pkg "sudo pkg" $@
+}
+
+###############################################################################
+# This function checks which of the supported package managers
+# is available on the OSX Host.
+# If a supported package manager is found, it delegates the installing work to
+# the relevant function.
+# Otherwise this function will exit this script with an error.
+###############################################################################
+osx()
+{
+    echo "Detected OSX!"
+
+    if [ ! -z "$(which brew)" ]; then
+        osx_homebrew $@
+    elif [ ! -z "$(which port)" ]; then
+        osx_macports $@
+    else
+        echo "Please install either Homebrew or MacPorts, if you wish to use this script"
+        echo "Re-run this script once you installed one of those package managers"
+        echo "Will not install, now exiting..."
+        exit 1
+    fi
+}
+
+###############################################################################
+# This function takes care of installing all dependencies using MacPorts
+# for building redox on Mac OSX
+# @params:    $1 the emulator to install, virtualbox or qemu
+###############################################################################
+osx_macports()
+{
+    echo "Macports detected! Now updating..."
+    sudo port -v selfupdate
+
+    echo "Installing missing packages..."
+
+    install_macports_pkg "git"
+    install_macports_pkg "cmake"
+
+    if [ "$1" == "qemu" ]; then
+        install_macports_pkg "qemu" "qemu-system-x86_64"
+    else
+        install_macports_pkg "virtualbox"
+    fi
+
+    install_macports_pkg "osxfuse"
+	install_macports_pkg "podman"
+}
+
+###############################################################################
+# This function takes care of installing all dependencies using Homebrew
+# for building redox on Mac OSX
+# @params:    $1 the emulator to install, virtualbox or qemu
+###############################################################################
+osx_homebrew()
+{
+    echo "Homebrew detected! Now updating..."
+    brew update
+
+    echo "Installing missing packages..."
+
+    install_brew_pkg "git"
+
+    if [ "$1" == "qemu" ]; then
+        install_brew_pkg "qemu" "qemu-system-x86_64"
+    else
+        install_brew_pkg "virtualbox"
+    fi
+
+    install_brew_pkg "make"
+	install_brew_pkg "podman"
+}
+
+###############################################################################
+# This function takes care of installing all dependencies using pkg
+# for building redox on FreeBSD
+# @params:    $1 the emulator to install, virtualbox or qemu
+###############################################################################
+freebsd()
+{
+    set -xe
+    echo "FreeBSD detected!"
+    echo "Installing missing packages..."
+
+    install_freebsd_pkg "git"
+
+    if [ "$1" == "qemu" ]; then
+        install_freebsd_pkg "qemu" "qemu-system-x86_64"
+    else
+        install_freebsd_pkg "virtualbox"
+    fi
+
+    install_freebsd_pkg "gmake"
+    install_freebsd_pkg "podman"
+    set +xe
+}
+
+###############################################################################
+# This function takes care of installing all dependencies for building redox on
+# Arch linux
+# @params:	$1 the emulator to install, virtualbox or qemu
+###############################################################################
+archLinux()
+{
+	echo "Detected Arch Linux"
+	packages="git podman fuse"
+	if [ "$1" == "qemu" ]; then
+		packages="$packages qemu"
+	elif [ "$1" == "virtualbox" ]; then
+		packages="$packages virtualbox"
+	fi
+
+	# Scripts should not cause a system update in order to just install a couple
+	#   of packages. If pacman -S --needed is going to fail, let it fail and the
+	#   user will figure out the issues (without updating if required) and rerun
+	#   the script.
+	#echo "Updating system..."
+	#sudo pacman -Syu
+
+	echo "Installing packages $packages..."
+	sudo pacman -S --needed $packages
+}
+
+###############################################################################
+# This function takes care of installing all dependencies for building redox on
+# debian based linux
+# @params:	$1 the emulator to install, virtualbox or qemu
+# 		$2 the package manager to use
+###############################################################################
+ubuntu()
+{
+	echo "Detected Ubuntu/Debian"
+	echo "Updating system..."
+	sudo "$2" update
+	echo "Installing required packages..."
+	sudo "$2" install \
+		podman curl git make libfuse-dev
+	if [ "$1" == "qemu" ]; then
+		if [ -z "$(which qemu-system-x86_64)" ]; then
+			echo "Installing QEMU..."
+			sudo "$2" install qemu-system-x86 qemu-kvm
+			sudo "$2" install qemu-efi-arm qemu-system-arm
+		else
+			echo "QEMU already installed!"
+		fi
+	else
+		if [ -z "$(which virtualbox)" ]; then
+			echo "Installing Virtualbox..."
+			sudo "$2" install virtualbox
+		else
+			echo "Virtualbox already installed!"
+		fi
+	fi
+}
+
+###############################################################################
+# This function takes care of installing all dependencies for building redox on
+# fedora linux
+# @params:	$1 the emulator to install, virtualbox or qemu
+###############################################################################
+fedora()
+{
+	echo "Detected Fedora"
+	if [ -z "$(which git)" ]; then
+		echo "Installing git..."
+		sudo dnf install git-all
+	fi
+	if [ "$1" == "qemu" ]; then
+		if [ -z "$(which qemu-system-x86_64)" ]; then
+			echo "Installing QEMU..."
+			sudo dnf install qemu-system-x86 qemu-kvm
+		else
+			echo "QEMU already installed!"
+		fi
+	else
+		if [ -z "$(which virtualbox)" ]; then
+			echo "Installing virtualbox..."
+			sudo dnf install virtualbox
+		else
+			echo "Virtualbox already installed!"
+		fi
+	fi
+	# Use rpm -q <package> to check if it's already installed
+	PKGS=$(for pkg in podman; do rpm -q $pkg > /dev/null || echo $pkg; done)
+	# If the list of packages is not empty, install missing
+	COUNT=$(echo $PKGS | wc -w)
+	if [ $COUNT -ne 0 ]; then
+					echo "Installing necessary build tools..."
+					sudo dnf install $PKGS
+	fi
+}
+
+###############################################################################
+# This function takes care of installing all dependencies for building redox on
+# *suse linux
+# @params:	$1 the emulator to install, virtualbox or qemu
+###############################################################################
+suse()
+{
+	echo "Detected SUSE Linux"
+	if [ -z "$(which git)" ]; then
+		echo "Installing git..."
+		zypper install git
+	fi
+	if [ "$1" == "qemu" ]; then
+		if [ -z "$(which qemu-system-x86_64)" ]; then
+			echo "Installing QEMU..."
+			sudo zypper install qemu-x86 qemu-kvm
+		else
+			echo "QEMU already installed!"
+		fi
+	else
+		if [ -z "$(which virtualbox)" ]; then
+			echo "Please install Virtualbox and re-run this script,"
+			echo "or run with -e qemu"
+			exit
+		else
+			echo "Virtualbox already installed!"
+		fi
+	fi
+	echo "Installing necessary build tools..."
+	sudo zypper install make fuse-devel podman
+}
+
+##############################################################################
+# This function takes care of installing all dependencies for building redox on
+# gentoo linux
+# @params:	$1 the emulator to install, virtualbox or qemu
+##############################################################################
+gentoo()
+{
+	echo "Detected Gentoo Linux"
+	if [ -z "$(which git)" ]; then
+		echo "Installing git..."
+		sudo emerge dev-vcs/git
+	fi
+	if [ -z "$(which fusermount)" ]; then
+		echo "Installing fuse..."
+		sudo emerge sys-fs/fuse
+	fi
+	if [ "$2" == "qemu" ]; then
+		if [ -z "$(which qemu-system-x86_64)" ]; then
+			echo "Please install QEMU and re-run this script"
+			echo "Step1. Add QEMU_SOFTMMU_TARGETS=\"x86_64\" to /etc/portage/make.conf"
+			echo "Step2. Execute \"sudo emerge app-emulation/qemu\""
+		else
+			echo "QEMU already installed!"
+		fi
+	fi
+	if [ -z "$(which cmake)" ]; then
+		echo "Installing cmake..."
+		sudo emerge dev-util/cmake
+	fi
+	if [ -z "$(which podman)" ]; then
+		echo "Please install Podman, https://wiki.gentoo.org/wiki/Podman"
+	fi
+}
+
+##############################################################################
+# This function takes care of installing all dependencies for building redox on
+# SolusOS
+# @params:	$1 the emulator to install, virtualbox or qemu
+##############################################################################
+solus()
+{
+	echo "Detected SolusOS"
+
+	if [ "$1" == "qemu" ]; then
+		if [ -z "$(which qemu-system-x86_64)" ]; then
+			sudo eopkg it qemu
+		else
+			echo "QEMU already installed!"
+		fi
+	else
+		if [ -z "$(which virtualbox)" ]; then
+			echo "Please install Virtualbox and re-run this script,"
+			echo "or run with -e qemu"
+			exit
+		else
+			echo "Virtualbox already installed!"
+		fi
+	fi
+
+	echo "Installing necessary build tools..."
+	#if guards are not necessary with eopkg since it does nothing if latest version is already installed
+	sudo eopkg it fuse-devel git make fuse2-devel rsync
+	if [ -z "$(which podman)" ]; then
+		echo "Please install Podman"
+	fi
+}
+
+######################################################################
+# This function outlines the different options available for bootstrap
+######################################################################
+usage()
+{
+	echo "------------------------"
+	echo "|Redox bootstrap script|"
+	echo "------------------------"
+	echo "Usage: ./podman_bootstrap.sh"
+	echo "OPTIONS:"
+	echo
+	echo "   -h,--help      Show this prompt"
+	echo "   -u [branch]    Update git repo and update rust"
+	echo "                  If blank defaults to master"
+	echo "   -s             Check the status of the current travis build"
+	echo "   -e [emulator]  Install specific emulator, virtualbox or qemu"
+	echo "   -p [package    Choose an Ubuntu package manager, apt-fast or"
+	echo "       manager]   aptitude"
+	echo "   -d             Only install the dependencies, skip boot step"
+	echo "EXAMPLES:"
+	echo
+	echo "./podman_bootstrap.sh -e qemu"
+	exit
+}
+
+
+#############################################################
+# Looks for and installs a cargo-managed binary or subcommand
+#############################################################
+cargoInstall() {
+	if [[ "`cargo install --list`" != *"$1 v$2"* ]]; then
+		cargo install --force --version "$2" "$1"
+	else
+		echo "You have $1 version $2 installed already!"
+	fi
+}
+
+####################################################################
+# This function gets the current build status from travis and prints
+# a message to the user
+####################################################################
+statusCheck() {
+	for i in $(echo "$(curl -sf https://api.travis-ci.org/repositories/redox-os/redox.json)" | tr "," "\n")
+	do
+		if echo "$i" | grep -iq "last_build_status" ;then
+			if echo "$i" | grep -iq "0" ;then
+				echo
+				echo "********************************************"
+				echo "Travis reports that the last build succeeded!"
+				echo "Looks like you are good to go!"
+				echo "********************************************"
+			elif echo "$i" | grep -iq "null" ;then
+				echo
+				echo "******************************************************************"
+				echo "The Travis build did not finish, this is an error with its config."
+				echo "I cannot reliably determine whether the build is succeeding or not."
+				echo "Consider checking for and maybe opening an issue on gitlab"
+				echo "******************************************************************"
+			else
+				echo
+				echo "**************************************************"
+				echo "Travis reports that the last build *FAILED* :("
+				echo "Might want to check out the issues before building"
+				echo "**************************************************"
+			fi
+		fi
+	done
+}
+
+###########################################################################
+# This function is the main logic for the bootstrap; it clones the git repo
+# then it installs the dependent packages
+###########################################################################
+boot()
+{
+	echo "Cloning gitlab repo..."
+	git clone https://gitlab.redox-os.org/redox-os/redox.git --origin upstream --recursive
+	echo "Cleaning up..."
+	rm podman_bootstrap.sh
+	echo
+	echo "---------------------------------------"
+	echo "Well it looks like you are ready to go!"
+	echo "---------------------------------------"
+	statusCheck
+	echo "Run the following commands to build redox using Podman:"
+	echo
+	echo "cd redox"
+	MAKE="make"
+	if [[ "$(uname)" == "FreeBSD" ]]; then
+    	MAKE="gmake"
+    	echo "kldload fuse.ko # This loads the kernel module for fuse"
+    fi
+	echo "export PODMAN_BUILD=1"
+	echo "$MAKE all"
+	echo "$MAKE virtualbox or qemu"
+	echo
+	echo "You can also edit mk/config.mk and change PODMAN_BUILD to 1 so"
+	echo "you don't need to specify it on the command line."
+	echo
+	echo "      Good luck!"
+
+	exit
+}
+
+if [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
+	usage
+elif [ "$1" == "-u" ]; then
+	git pull upstream master
+	git submodule update --recursive --init
+	rustup update nightly
+	exit
+elif [ "$1" == "-s" ]; then
+	statusCheck
+	exit
+fi
+
+emulator="qemu"
+defpackman="apt-get"
+dependenciesonly=false
+update=false
+while getopts ":e:p:udhs" opt
+do
+	case "$opt" in
+		e) emulator="$OPTARG";;
+		p) defpackman="$OPTARG";;
+		d) dependenciesonly=true;;
+		u) update=true;;
+		h) usage;;
+		s) statusCheck && exit;;
+		\?) echo "I don't know what to do with that option, try -h for help"; exit;;
+	esac
+done
+
+banner
+
+if [ "$update" == "true" ]; then
+	git pull upstream master
+	git submodule update --recursive --init
+	exit
+fi
+
+if [ "Darwin" == "$(uname -s)" ]; then
+	osx "$emulator"
+else
+	# Here we will use package managers to determine which operating system the user is using.
+
+	# Suse and derivatives
+	if hash 2>/dev/null zypper; then
+		suse "$emulator"
+	# Debian or any derivative of it
+	elif hash 2>/dev/null apt-get; then
+		ubuntu "$emulator" "$defpackman"
+	# Fedora
+	elif hash 2>/dev/null dnf; then
+		fedora "$emulator"
+	# Gentoo
+	elif hash 2>/dev/null emerge; then
+		gentoo "$emulator"
+	# SolusOS
+	elif hash 2>/dev/null eopkg; then
+		solus "$emulator"
+	# Arch linux
+	elif hash 2>/dev/null pacman; then
+		archLinux "$emulator"
+	# FreeBSD
+	elif hash 2>/dev/null pkg; then
+		freebsd "$emulator"
+	# Unsupported platform
+	else
+    	printf "\e[31;1mFatal error: \e[0;31mUnsupported platform, please open an issue\[0m"
+	fi
+fi
+
+if [ "$dependenciesonly" = false ]; then
+	boot
+fi
+
+echo "Redox bootstrap complete!"