Build VM disk image for bootc installation VM

The image contains a disk image for the installation VM. The
installation VM can be use in order to run privileged commands unsing
rootless podman. It already contains podman, it has a systemd service
which proxies the vsock to the local podman unix socket. It also mounts
on boot a bunch of directories which contain shared mount points with
the host in order to shared the build artifacts, configurations and
the container storage.

Signed-off-by: Alice Frosi <[email protected]>

Author: alicefr

Makefile

@@ -2,6 +2,11 @@ binary_name = podman-bootc
 output_dir = bin
 build_tags = exclude_graphdriver_btrfs,btrfs_noversion,exclude_graphdriver_devicemapper,containers_image_openpgp,remote
 
+registry = quay.io/containers
+vm_image_name = bootc-vm
+vm_image_tag = latest
+vm_image = $(registry)/$(vm_image_name):$(vm_image_tag)
+
 all: out_dir docs
 	go build -tags $(build_tags) $(GOOPTS) -o $(output_dir)/$(binary_name)
 
@@ -18,6 +23,11 @@ integration_tests:
 e2e_test: all
 	ginkgo -tags $(build_tags) ./test/...
 
+image:
+	podman build -t $(vm_image) --device /dev/kvm \
+	-f containerfiles/vm/Containerfile \
+	containerfiles/vm
+
 .PHONY: docs
 docs:
 	make -C docs

containerfiles/vm/Containerfile

@@ -0,0 +1,38 @@
+FROM quay.io/fedora/fedora:42 as builder
+
+ENV URL https://download.fedoraproject.org/pub/fedora/linux/releases/42/Cloud/x86_64/images
+ENV IMAGE Fedora-Cloud-Base-Generic-42-1.1.x86_64.qcow2
+ENV CHECKSUM Fedora-Cloud-42-1.1-x86_64-CHECKSUM
+ENV LIBGUESTFS_BACKEND direct
+
+RUN dnf install -y curl libguestfs guestfs-tools curl
+
+RUN curl -L -O $URL/$IMAGE \
+	&& curl -L -O $URL/$CHECKSUM \
+	&& curl -O https://fedoraproject.org/fedora.gpg \
+	&& gpgv --keyring ./fedora.gpg $CHECKSUM \
+	&& sha256sum --ignore-missing -c $CHECKSUM \
+	&& mv $IMAGE /disk.img
+
+RUN mkdir -p /systemd-services
+COPY ./podman-vsock-proxy.service /systemd-services/podman-vsock-proxy.service
+RUN virt-copy-in -a /disk.img /systemd-services/* /etc/systemd/system
+
+# Configuration of the guest image
+RUN virt-customize -a /disk.img --install socat,podman \
+	--root-password password:bootc \
+	--run-command "sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config" \
+	--run-command "mkdir -p /usr/lib/bootc/config" \
+	--run-command "echo \"config /usr/lib/bootc/config virtiofs rw,relatime,nofail 0 0\" >> /etc/fstab" \
+	--run-command "mkdir -p /usr/lib/bootc/storage" \
+	--run-command "echo \"storage /usr/lib/bootc/storage virtiofs rw,relatime,nofail 0 0\" >> /etc/fstab" \
+	--run-command "mkdir -p /usr/lib/bootc/output" \
+	--run-command "echo \"output /var/lib/bootc/output virtiofs rw,relatime,nofail 0 0\" >> /etc/fstab" \
+	--run-command "systemctl enable podman.socket" \
+	--run-command "systemctl enable podman-vsock-proxy" \
+	--run-command "sed -i '/^additionalimagestores = \[/a\  \"/usr/lib/bootc/storage\",' /usr/share/containers/storage.conf" \
+	--run-command "dnf clean all -y"  \
+	&& virt-sparsify --in-place /disk.img
+
+FROM scratch
+COPY --from=builder /disk.img /disk.img

containerfiles/vm/podman-vsock-proxy.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Proxy vsock (PORT: 1234) to Unix podman socket
+After=network.target
+Requires=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/socat VSOCK-LISTEN:1234,reuseaddr,fork UNIX-CONNECT:/var/run/podman/podman.sock
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target
+