set up containers-storage in supermin cache

In the container native build flow where we are building from
quay.io/fedora/fedora-bootc:xx it's better for the local developer
use case if we don't need to pull the container from the registry
on each iteration. Let's use containers-storage from the cache
and also use `buildah build --layers=true` in all cases.

This also bumps the default runvm cache size to account for the
extra usage associated with the containers storage.

Author: dustymabe

src/cmd-build-with-buildah

@@ -141,6 +141,7 @@ build_with_buildah() {
     # For the source: check if there's only one remote, if so use it with get-url
     # For revision: rev-parse
     set -- build --security-opt=label=disable --cap-add=all --device /dev/fuse \
+            --pull=newer --layers=true \
             --build-arg-file "$argsfile" -v "$(realpath "${tempdir}/src")":/run/src \
             --build-arg VERSION="${VERSION}" \
             --label org.opencontainers.image.source="${source}" \
@@ -169,9 +170,6 @@ build_with_buildah() {
     fi
 
     if [ -n "$DIRECT" ]; then
-        # turn on layer caching in the direct case; it wouldn't hurt in the
-        # supermin path, but it'd be a waste of space on the rootfs
-        set -- "$@" --layers=true
         # output to a tag since it's more convenient for development;
         # buildah doesn't support doing both at once
         # shellcheck disable=SC1090

src/cmdlib.sh

@@ -613,7 +613,7 @@ runcompose_tree() {
 
 # Run with cache disk.
 runvm_with_cache() {
-    local cache_size=${RUNVM_CACHE_SIZE:-45G}
+    local cache_size=${RUNVM_CACHE_SIZE:-50G}
     # "cache2" has an explicit label so we can find it in qemu easily
     if [ ! -f "${workdir}"/cache/cache2.qcow2 ]; then
         qemu-img create -f qcow2 cache2.qcow2.tmp "$cache_size"
@@ -773,7 +773,7 @@ if [ -n "\${cachedev}" ]; then
     mount -o remount,ro ${workdir}/cache
     fsfreeze -f ${workdir}/cache
     fsfreeze -u ${workdir}/cache
-    umount ${workdir}/cache
+    umount -R ${workdir}/cache
 fi
 umount ${workdir}
 /sbin/reboot -f

src/supermin-init-prelude.sh

@@ -55,6 +55,20 @@ done
 cachedev=$(blkid -lt LABEL=cosa-cache -o device || true)
 if [ -n "${cachedev}" ]; then
     mount "${cachedev}" "${workdir}"/cache
+    # Also set up container storage on the cache. We use a symlink
+    # rather than configuring graphroot in containers/storage.conf
+    # because when osbuild runs it will use the /etc/containers/storage.conf
+    # from the host (if using host as buildroot) and then will run out
+    # of space in "${workdir}"/cache/cache-containers-storage inside
+    # the bwrap environment. Doing it with a symlink means we can
+    # still use the cache from the host, but inside osbuild it will
+    # just get a blank /var/lib/containers to operate on.
+    mkdir -p "${workdir}"/cache/cache-containers-storage
+    rm -rf /var/lib/containers
+    ln -s "${workdir}"/cache/cache-containers-storage /var/lib/containers
+    # Prune all containers and images more than a few days old. Our
+    # inputs here change daily so this should be reasonable.
+    podman system prune --all --force --filter until=72h
 else
     echo "No cosa-cache filesystem found!"
 fi