{"id":18089010,"url":"https://github.com/eriksjolund/using-podman-quick-instructions","last_synced_at":"2025-04-06T02:28:57.784Z","repository":{"id":92823537,"uuid":"248340062","full_name":"eriksjolund/using-podman-quick-instructions","owner":"eriksjolund","description":"Using podman quick instructions","archived":false,"fork":false,"pushed_at":"2023-08-02T17:20:08.000Z","size":44,"stargazers_count":5,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-12T08:39:10.053Z","etag":null,"topics":["documentation","podman"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eriksjolund.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-18T20:50:39.000Z","updated_at":"2023-08-08T16:05:00.000Z","dependencies_parsed_at":null,"dependency_job_id":"7bde1c21-2f12-4b39-88d9-28f76a9db1cf","html_url":"https://github.com/eriksjolund/using-podman-quick-instructions","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eriksjolund%2Fusing-podman-quick-instructions","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eriksjolund%2Fusing-podman-quick-instructions/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eriksjolund%2Fusing-podman-quick-instructions/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eriksjolund%2Fusing-podman-quick-instructions/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eriksjolund","download_url":"https://codeload.github.com/eriksjolund/using-podman-quick-instructions/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247425541,"owners_count":20936971,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["documentation","podman"],"created_at":"2024-10-31T17:42:36.367Z","updated_at":"2025-04-06T02:28:57.766Z","avatar_url":"https://github.com/eriksjolund.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Using [podman](https://podman.io/) quick instructions\n\nThese instructions assume that\n\n* you have some knowledge about basic Linux commands such as __ls__, __cat__, __echo__ and __grep__\n* you have a Linux computer with __podman__ installed. ([Installation instructions](https://podman.io/getting-started/installation))\n\n#### Table of contents\n\n- [Basic usage](#basic-usage)\n * [The difference between the host system and the container](#the-difference-between-the-host-system-and-the-container)\n * [Files on the host system are not accessible from within the container by default](#files-on-the-host-system-are-not-accessible-from-within-the-container-by-default)\n * [How to let the container read and write to a directory on the host system](#how-to-let-the-container-read-and-write-to-a-directory-on-the-host-system)\n * [Popular Linux container images](#popular-Linux-container-images)\n- [Install a missing software package](#install-a-missing-software-package)\n * [Is the software package already installed?](#is-the-software-package-already-installed)\n + [Example: Fedora](#example-fedora--is-graphicsmagick-already-installed)\n + [Example: CentOS](#example-centos--is-graphicsmagick-already-installed)\n + [Example: Ubuntu LTS](#example-ubuntu-lts--is-graphicsmagick-already-installed)\n + [Example: Alpine](#example-alpine--is-graphicsmagick-already-installed)\n + [Results of the tests](#results-of-the-tests-is-graphicsmagick-already-installed)\n * [Is the software package available in a package repository?](#is-the-software-package-available-in-a-package-repository)\n + [Example: Fedora](#example-fedora--is-graphicsmagick-available-in-a-package-repository)\n + [Example: CentOS](#example-centos--is-graphicsmagick-available-in-a-package-repository)\n + [Example: Ubuntu LTS](#example-ubuntu-lts--is-graphicsmagick-available-in-a-package-repository)\n + [Example: Alpine](#example-alpine--is-graphicsmagick-available-in-a-package-repository)\n + [Results of the tests](#results-of-the-tests-is-graphicsmagick-available-in-a-package-repository)\n * [Use _podman build_ to run an install command and then save the result to a new container image](#use-podman-build-to-run-an-install-command-and-then-save-the-result-to-a-new-container-image)\n + [Example: Fedora](#example-fedora--install-graphicsmagick-with-podman-build)\n + [Example: CentOS](#example-centos--install-graphicsmagick-with-podman-build)\n + [Example: Ubuntu LTS](#example-ubuntu-lts--install-graphicsmagick-with-podman-build)\n + [Example: Alpine](#example-alpine--install-graphicsmagick-with-podman-build)\n + [Compare the sizes of the built images](#compare-the-sizes-of-the-built-images)\n * [Use the installed software package (resize a photo with GraphicsMagick)](#use-the-installed-software-package-resize-a-photo-with-graphicsmagick)\n + [Example: Fedora](#example-fedora--resize-a-photo-with-graphicsmagick)\n + [Example: CentOS](#example-centos--resize-a-photo-with-graphicsmagick)\n + [Example: Ubuntu LTS](#example-ubuntu-lts--resize-a-photo-with-graphicsmagick)\n + [Example: Alpine](#example-alpine--resize-a-photo-with-graphicsmagick)\n- [Search for a pre-built container image](#search-for-a-pre-built-container-image)\n * [Example: Search docker.io](#example-search-dockerio)\n- [Security](#security)\n * [Consider the risc of malicious code in pre-built container images](#consider-the-risc-of-malicious-code-in-pre-built-container-images)\n * [How to run a command in a container image in a more secure and restricted way](#how-to-run-a-command-in-a-container-image-in-a-more-secure-and-restricted-way)\n- [How to save disk space](#how-to-save-disk-space)\n- [How to save time](#how-to-save-time)\n- [When to use the flags _-i_ (_--interactive_) and _-t_ (_--tty_)](#when-to-use-the-flags--i---interactive-and--t---tty)\n- [The professional way, using Dockerfile and Github/Gitlab](#the-professional-way-using-dockerfile-and-githubgitlab)\n\n## Basic usage\n\nShow the podman version\n\n ```\n[me@linux ~]$ podman --version\npodman version 1.8.0\n[me@linux ~]$ \n```\n\nRun the command `echo Hello!` in the container __docker.io/library/ubuntu:18.04__\n\n```\n[me@linux ~]$ podman run --rm docker.io/library/ubuntu:18.04 echo Hello!\nTrying to pull docker.io/library/ubuntu:18.04...\nGetting image source signatures\nCopying blob de83a2304fa1 done \nCopying blob b6b53be908de done \nCopying blob 423ae2b273f4 done \nCopying blob f9a83bce3af0 done \nCopying config 72300a873c done \nWriting manifest to image destination\nStoring signatures\nHello!\n[me@linux ~]$ \n```\n\nThe first lines of the text were printed to _stderr_ telling us that\npodman needed to download the container image.\n\nThe last line of the text was printed to _stdout_ and originates from the command `echo Hello!` that was run inside the container.\n\nIf we run the same command again \n\n```\n[me@linux ~]$ podman run --rm docker.io/library/ubuntu:18.04 echo Hello!\nHello!\n[me@linux ~]$ \n```\n\nwe see that the download step could be skipped.\n\nThe size of the downloaded container image __docker.io/library/ubuntu:18.04__ is 66.6 MB\n```\n[me@linux ~]$ podman images\nREPOSITORY TAG IMAGE ID CREATED SIZE\ndocker.io/library/ubuntu 18.04 72300a873c2c 4 days ago 66.6 MB\n[me@linux ~]$ \n```\n\nbut container images can be much smaller than that. For instance the popular container image \n__docker.io/library/alpine:latest__ is about 6 MB. \n\n\n## The difference between the host system and the container\n\nIf we run the command `cat /etc/os-release` inside the container\n\n```\n[me@linux ~]$ podman run --rm docker.io/library/ubuntu:18.04 cat /etc/os-release\nNAME=\"Ubuntu\"\nVERSION=\"18.04.4 LTS (Bionic Beaver)\"\nID=ubuntu\nID_LIKE=debian\nPRETTY_NAME=\"Ubuntu 18.04.4 LTS\"\nVERSION_ID=\"18.04\"\nHOME_URL=\"https://www.ubuntu.com/\"\nSUPPORT_URL=\"https://help.ubuntu.com/\"\nBUG_REPORT_URL=\"https://bugs.launchpad.net/ubuntu/\"\nPRIVACY_POLICY_URL=\"https://www.ubuntu.com/legal/terms-and-policies/privacy-policy\"\nVERSION_CODENAME=bionic\nUBUNTU_CODENAME=bionic\n[me@linux ~]$ \n```\nwe see the contents of the file _/etc/os-release_ inside the container image.\n\nIf we run `cat /etc/os-release` without podman\n\n```\n[me@linux ~]$ cat /etc/os-release\nNAME=Fedora\nVERSION=\"31 (Thirty One)\"\nID=fedora\nVERSION_ID=31\nVERSION_CODENAME=\"\"\nPLATFORM_ID=\"platform:f31\"\nPRETTY_NAME=\"Fedora 31 (Thirty One)\"\nANSI_COLOR=\"0;34\"\nLOGO=fedora-logo-icon\nCPE_NAME=\"cpe:/o:fedoraproject:fedora:31\"\nHOME_URL=\"https://fedoraproject.org/\"\nDOCUMENTATION_URL=\"https://docs.fedoraproject.org/en-US/fedora/f31/system-administrators-guide/\"\nSUPPORT_URL=\"https://fedoraproject.org/wiki/Communicating_and_getting_help\"\nBUG_REPORT_URL=\"https://bugzilla.redhat.com/\"\nREDHAT_BUGZILLA_PRODUCT=\"Fedora\"\nREDHAT_BUGZILLA_PRODUCT_VERSION=31\nREDHAT_SUPPORT_PRODUCT=\"Fedora\"\nREDHAT_SUPPORT_PRODUCT_VERSION=31\nPRIVACY_POLICY_URL=\"https://fedoraproject.org/wiki/Legal:PrivacyPolicy\"\n[me@linux ~]$ \n```\nwe see the contents of the file _/etc/os-release_ on the host system. \n\n## Files on the host system are not accessible from within the container by default\n\nThe home directory\n\n```\n[me@linux ~]$ ls -d /home/me\n/home/me\n[me@linux ~]$ \n```\n\non the host system is not available from inside the container\n\n```\n[me@linux ~]$ podman run --rm docker.io/library/ubuntu:18.04 ls -d /home/me\nls: cannot access '/home/me': No such file or directory\n[me@linux ~]$ \n```\n\nThis is because the host system and the container have different file trees.\n\n## How to let the container read and write to a directory on the host system\n\nTo run a command in the container with read and write access to the directory _/home/me/project1_ on the host system,\nadd the command line\noption `-v /home/me/project1:/some/path:Z`.\n\n```\n[me@linux ~]$ echo abc \u003e /home/me/project1/file1.txt\n[me@linux ~]$ ls /home/me/project1\nfile1.txt\n[me@linux ~]$ cat /home/me/project1\nabc\n[me@linux ~]$ podman run --rm docker.io/library/ubuntu:18.04 -v /home/me/project1:/some/path:Z cat /some/path/file1.txt\nabc\n[me@linux ~]$ podman run --rm docker.io/library/ubuntu:18.04 -v /home/me/project1:/some/path:Z rm /some/path/file1.txt\n[me@linux ~]$ ls /home/me/project1\n[me@linux ~]$ \n```\n\nThe path inside the container _/some/path_ was chosen arbitrarily.\nTo simplify things, you would often want to use the same path both outside and inside the container, i.e using the command line\noption `-v /home/me/project1:/home/me/project1:Z`.\n\n## Popular Linux container images\n\n| Container image | Size (MB) | Comment |\n| ---- | -- | -- |\n| registry.fedoraproject.org/fedora:31 | 200 | Fedora 31 |\n| docker.io/library/fedora:31 | 200 | docker.io also provides Fedora 31 |\n| docker.io/library/centos:8 | 245 | CentOS 8 | \n| docker.io/library/ubuntu:19.10 | 75 | Ubuntu 19.10 | \n| docker.io/library/ubuntu:18.04 | 67 | Ubuntu 18.04 LTS (Long Term Support) |\n| docker.io/library/alpine:3 | 6 | If you want to create very small container images. :warning: Requires a bit more expertise to work with. |\n\n# Install a missing software package\n\n__Goal of the exercise__: \n\nResize the photo _~/img/photo.jpg_ \n\n![](images/photo.jpg)\n\nto half the size\n\n![](images/resized_photo.jpg)\n\nand save it to _~/img/resized_photo.jpg_ \nby using `gm convert -resize 50%` (from the software package [__GraphicsMagick__](http://www.graphicsmagick.org)).\n\n## Is the software package already installed?\n\nIs GraphicsMagick already installed?\n\n#### Example Ubuntu LTS : Is GraphicsMagick already installed?\n\nCheck the container image __docker.io/library/ubuntu:18.04__\n\n```\n[me@linux ~]$ podman run --rm docker.io/library/ubuntu:18.04 dpkg -l | grep -i graphicsmagick\n[me@linux ~]$ \n```\n\n#### Example Fedora : Is GraphicsMagick already installed?\n\nCheck the container image __registry.fedoraproject.org/fedora:31__\n```\n[me@linux ~]$ podman run --rm registry.fedoraproject.org/fedora:31 rpm -qa | grep -i graphicsmagick\n[me@linux ~]$ \n```\n#### Example CentOS : Is GraphicsMagick already installed?\n\n\nCheck the container image __docker.io/library/centos:8__\n```\n[me@linux ~]$ podman run --rm docker.io/library/centos:8 rpm -qa | grep -i graphicsmagick\n[me@linux ~]$ \n```\n\n#### Example Alpine : Is GraphicsMagick already installed?\n\nCheck the container image __docker.io/library/alpine:3__\n\n```\n[me@linux ~]$ podman run --rm docker.io/library/alpine:3 apk --no-cache list -a | grep -i graphicsmagick\n[me@linux ~]$ \n```\n\n#### Results of the tests: Is GraphicsMagick already installed?\n\n| Container image | GraphicsMagick already installed? (Yes/No) |\n| ---- | -- |\n| docker.io/library/ubuntu:18.04 | No | \n| registry.fedoraproject.org/fedora:31 | No |\n| docker.io/library/centos:8 | No |\n| docker.io/library/alpine:3 | No | \n\n\n## Is the software package available in a package repository?\n\nIs GraphicsMagick available in a package repository?\n\n#### Example Fedora : Is GraphicsMagick available in a package repository?\n\nCheck the container image __registry.fedoraproject.org/fedora:31__\n```\n[me@linux ~]$ podman run --rm registry.fedoraproject.org/fedora:31 dnf list available | grep -i graphicsmagick\nGraphicsMagick.i686 1.3.34-1.fc31 updates \nGraphicsMagick.x86_64 1.3.34-1.fc31 updates \nGraphicsMagick-c++.i686 1.3.34-1.fc31 updates \nGraphicsMagick-c++.x86_64 1.3.34-1.fc31 updates \nGraphicsMagick-c++-devel.i686 1.3.34-1.fc31 updates \nGraphicsMagick-c++-devel.x86_64 1.3.34-1.fc31 updates \nGraphicsMagick-devel.i686 1.3.34-1.fc31 updates \nGraphicsMagick-devel.x86_64 1.3.34-1.fc31 updates \nGraphicsMagick-doc.noarch 1.3.34-1.fc31 updates \nGraphicsMagick-perl.x86_64 1.3.34-1.fc31 updates \n[me@linux ~]$ \n```\n\n(The website \nhttps://apps.fedoraproject.org/packages/\nprovides the same information)\n\n#### Example CentOS : Is GraphicsMagick available in a package repository?\n\nCheck the container image __docker.io/library/centos:8__\n```\n[me@linux ~]$ podman run --rm docker.io/library/centos:8 dnf list available | grep -i graphicsmagick\n[me@linux ~]$ \n```\n\nNothing there.\n\nLet's check the extra repository PowerTools\n\n```\n[me@linux ~]$ podman run --rm docker.io/library/centos:8 dnf repository-packages PowerTools list | grep -i graphicsmagick\n[me@linux ~]$ \n```\nNothing there.\n\nLet's check the third-party repository [EPEL](https://fedoraproject.org/wiki/EPEL).\n\n```\n[me@linux ~]$ podman run --rm docker.io/library/centos:8 /bin/bash -c \"dnf -y update \u0026\u0026 dnf -y install epel-release \u0026\u0026 dnf repository-packages epel list\" | grep -i graphicsmagick\nwarning: /var/cache/dnf/AppStream-02e86d1c976ab532/packages/libxkbcommon-0.8.2-1.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY\nImporting GPG key 0x8483C65D:\n Userid : \"CentOS (CentOS Official Signing Key) \u003csecurity@centos.org\u003e\"\n Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D\n From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial\nGraphicsMagick.x86_64 1.3.34-1.el8 epel\nGraphicsMagick-c++.x86_64 1.3.34-1.el8 epel\nGraphicsMagick-c++-devel.x86_64 1.3.34-1.el8 epel\nGraphicsMagick-devel.x86_64 1.3.34-1.el8 epel\nGraphicsMagick-doc.noarch 1.3.34-1.el8 epel\nGraphicsMagick-perl.x86_64 1.3.34-1.el8 epel\n[me@linux ~]$ \n```\n\n\n#### Example Ubuntu LTS : Is GraphicsMagick available in a package repository?\n\nCheck the container image __docker.io/library/ubuntu:18.04__\n\n```\n[me@linux ~]$ podman run --rm docker.io/library/ubuntu:18.04 /bin/bash -c \"apt-get update \u0026\u0026 apt-cache search GraphicsMagick\" | grep -i ^graphicsmagick\ngraphicsmagick - collection of image processing tools\ngraphicsmagick-dbg - format-independent image processing - debugging symbols\ngraphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface\ngraphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface\n[me@linux ~]$ \n```\n\n(The website \nhttps://packages.ubuntu.com/\nprovides the same information)\n\n#### Example Alpine : Is GraphicsMagick available in a package repository?\n\nCheck the container image __docker.io/library/alpine:3__\n\n```\n[me@linux ~]$ podman run --rm docker.io/library/alpine:3 apk --no-cache list -a | grep -i graphicsmagick\ngraphicsmagick-zsh-completion-5.7.1-r0 x86_64 {zsh} (custom)\ngraphicsmagick-1.3.33-r1 x86_64 {graphicsmagick} (MIT)\ngraphicsmagick-dev-1.3.33-r1 x86_64 {graphicsmagick} (MIT)\ngraphicsmagick-doc-1.3.33-r1 x86_64 {graphicsmagick} (MIT)\n[me@linux ~]$ \n```\n\n(The website\nhttps://pkgs.alpinelinux.org/packages\nprovides the same information)\n\n\n#### Results of the tests: Is GraphicsMagick available in a package repository?\n\n GraphicsMagick is available in package repositories!\n\n\n| Container image | Command to install GraphicsMagick |\n| ---- | -- |\n| docker.io/library/ubuntu:18.04 | apt-get update \u0026\u0026 apt-get install -y graphicsmagick | \n| registry.fedoraproject.org/fedora:31 | dnf -y update \u0026\u0026 dnf -y install GraphicsMagick |\n| docker.io/library/centos:8 | dnf -y update \u0026\u0026 dnf -y install epel-release \u0026\u0026 dnf -y install GraphicsMagick |\n| docker.io/library/alpine:3 | apk --no-cache add graphicsmagick | \n\n\nBut you will need to use `podman build` to save the result to a new container image.\n\n## Use _podman build_ to run an install command and then save the result to a new container image\n\n\n#### Example Fedora : Install GraphicsMagick with _podman build_\n\nTo install GraphicsMagick on `docker.io/library/fedora:31` and save the result to the new container image\n`localhost/foobar:fedora31`, copy-paste these lines into the terminal\n\n```\necho \"FROM docker.io/library/fedora:31\nRUN dnf -y update \u0026\u0026 dnf -y install GraphicsMagick \u0026\u0026 dnf clean all\n\" | podman build -t foobar:fedora31 -\n\n``` \n\nShow details about the new container \n\n```\n[me@linux ~]$ podman images --filter reference=localhost/foobar:fedora31\nREPOSITORY TAG IMAGE ID CREATED SIZE\nlocalhost/foobar fedora31 3ea792460e93 20 seconds ago 259 MB\n[me@linux ~]$ \n```\n\nThe ` \u0026\u0026 dnf clean all` was added to reduce the size of the container image, otherwise the size would have been 478 MB.\n\nThe text strings _foobar_ and _fedora31_ in `localhost/foobar:fedora31` were arbitrarily chosen. The syntax is _localhost/name:tag_.\n\n#### Example CentOS : Install GraphicsMagick with _podman build_\n\nTo install GraphicsMagick on `docker.io/library/centos:8` and save the result to the new container image\n`localhost/foobar:centos8`, copy-paste these lines into the terminal\n\n\n```\necho \"FROM docker.io/library/centos:8\nRUN dnf -y update \u0026\u0026 dnf -y install epel-release \u0026\u0026 dnf -y install GraphicsMagick \u0026\u0026 dnf clean all\n\" | podman build -t foobar:centos8 -\n\n``` \n\nShow details about the new container\n\n```\n[me@linux ~]$ podman images --filter reference=localhost/foobar:centos8\nREPOSITORY TAG IMAGE ID CREATED SIZE\nlocalhost/foobar centos8 ddbad21e0684 36 seconds ago 395 MB\n[me@linux ~]$ \n```\n\nThe ` \u0026\u0026 dnf clean all` was added to reduce the size of the container image, otherwise the size would have been 433 MB.\n\nThe text strings _foobar_ and _centos8_ in `localhost/foobar:centos8` were arbitrarily chosen. The syntax is _localhost/name:tag_.\n\n\n\n#### Example Ubuntu LTS : Install GraphicsMagick with _podman build_\n\nTo install GraphicsMagick on `docker.io/library/ubuntu:18.04` and save the result to the new container image\n`localhost/foobar:ubuntu1804`, copy-paste these lines into the terminal\n\n```\necho \"FROM docker.io/library/ubuntu:18.04\nRUN apt-get update \u0026\u0026 apt-get install -y --no-install-recommends graphicsmagick \u0026\u0026 rm -rf /var/lib/apt/lists/*\n\" | podman build -t foobar:ubuntu1804 -\n\n```\n\nShow details about the new container\n\n```\n[me@linux ~]$ podman images --filter reference=localhost/foobar:ubuntu1804\nREPOSITORY TAG IMAGE ID CREATED SIZE\nlocalhost/foobar ubuntu1804 891d0886ab51 15 seconds ago 112 MB\n[me@linux ~]$ \n```\n\nBoth `--no-install-recommends` and ` \u0026\u0026 rm -rf /var/lib/apt/lists/*` were added to reduce the size of the container image. \n\n| Image size | Installation command |\n| ---- | -- |\n| 198 MB | apt-get update \u0026\u0026 apt-get install -y graphicsmagick | \n| 170 MB | apt-get update \u0026\u0026 apt-get install -y graphicsmagick \u0026\u0026 rm -rf /var/lib/apt/lists/* | \n| 112 MB | apt-get update \u0026\u0026 apt-get install -y --no-install-recommends graphicsmagick \u0026\u0026 rm -rf /var/lib/apt/lists/* | \n\nThe text strings _foobar_ and _ubuntu1804_ in `localhost/foobar:ubuntu1804` were arbitrarily chosen. The syntax is _localhost/name:tag_.\n\n\n#### Example Alpine : Install GraphicsMagick with _podman build_\n\nTo install GraphicsMagick on `docker.io/library/alpine:3` and save the result to the new container image\n`localhost/foobar:alpine3`, copy-paste these lines into the terminal\n\n```\necho \"FROM docker.io/library/alpine:3\nRUN apk --no-cache add graphicsmagick\n\" | podman build -t foobar:alpine3 -\n\n``` \n\nShow details about the new container\n\n```\n[me@linux ~]$ podman images --filter reference=localhost/foobar:alpine3\nREPOSITORY TAG IMAGE ID CREATED SIZE\nlocalhost/foobar alpine3 93a5ac124e03 35 seconds ago 24.8 MB\n[me@linux ~]$ \n``` \n\n\n\nThe text strings _foobar_ and _alpine3_ in `localhost/foobar:alpine3` were arbitrarily chosen. The syntax is _localhost/name:tag_.\n\n\n#### Compare the sizes of the built images\n\nThe container images ordered in size\n\n| Container image | Installation command |\n| ---- | -- |\n| localhost/foobar:alpine3 | 24.8 MB |\n| localhost/foobar:ubuntu1804 | 112 MB |\n| localhost/foobar:fedora31 | 259 MB |\n| localhost/foobar:centos8 | 395 MB |\n\n## Use the installed software package (resize a photo with GraphicsMagick)\n\nAlthough the containers have been built with different commands and from different Linux distributions,\nthe resulting container images will behave quite similarly when they are used.\n\nThe following examples show how similar they are from a user perspective.\n\n#### Example Fedora : Resize a photo with GraphicsMagick\n\nLet's use the [previously built](#example-fedora--install-graphicsmagick-with-podman-build) container image __localhost/foobar:fedora31__\n\n```\n[me@linux ~]$ podman images --filter reference=localhost/foobar:fedora31\nREPOSITORY TAG IMAGE ID CREATED SIZE\nlocalhost/foobar fedora31 3ea792460e93 1 hour ago 259 MB\n[me@linux ~]$ \n```\n\nto resize the photo _/home/me/img/photo.jpg_\n\n```\n[me@linux ~]$ ls /home/me/img/\nphoto.jpg\n[me@linux ~]$ podman run --rm -v /home/me/img:/home/me/img:Z localhost/foobar:fedora31 gm convert -resize 50% /home/me/img/photo.jpg /home/me/img/resized_photo.jpg\n[me@linux ~]$ ls /home/me/img/\nphoto.jpg\nphoto_resized.jpg\n[me@linux ~]$ \n``` \n\nShow the GraphicsMagick version\n\n``` \n[me@linux ~]$ podman run --rm localhost/foobar:fedora31 gm version | head -1\nGraphicsMagick 1.3.34 2019-12-24 Q16 http://www.GraphicsMagick.org/\n``` \n\n#### Example CentOS : Resize a photo with GraphicsMagick\n\nLet's use the [previously built](#example-centos--install-graphicsmagick-with-podman-build) container image __localhost/foobar:centos8__\n\n```\n[me@linux ~]$ podman images --filter reference=localhost/foobar:centos8\nREPOSITORY TAG IMAGE ID CREATED SIZE\nlocalhost/foobar centos8 ddbad21e0684 1 hour ago 395 MB\n[me@linux ~]$ \n```\n\nto resize the photo _/home/me/img/photo.jpg_\n\n```\n[me@linux ~]$ ls /home/me/img/\nphoto.jpg\n[me@linux ~]$ podman run --rm -v /home/me/img:/home/me/img:Z localhost/foobar:centos8 gm convert -resize 50% /home/me/img/photo.jpg /home/me/img/resized_photo.jpg\n[me@linux ~]$ ls /home/me/img/\nphoto.jpg\nphoto_resized.jpg\n[me@linux ~]$ \n``` \n\nShow the GraphicsMagick version\n\n``` \n[me@linux ~]$ podman run --rm localhost/foobar:centos8 gm version | head -1\nGraphicsMagick 1.3.34 2019-12-24 Q16 http://www.GraphicsMagick.org/\n``` \n\n\n\n\n#### Example Ubuntu LTS : Resize a photo with GraphicsMagick\n\nLet's use the [previously built](#example-ubuntu-lts--install-graphicsmagick-with-podman-build) container image __localhost/foobar:ubuntu1804__\n\n```\n[me@linux ~]$ podman images --filter reference=localhost/foobar:ubuntu1804\nREPOSITORY TAG IMAGE ID CREATED SIZE\nlocalhost/foobar ubuntu1804 891d0886ab51 1 hour ago 112 MB\n[me@linux ~]$ \n```\n\nto resize the photo _/home/me/img/photo.jpg_\n\n```\n[me@linux ~]$ ls /home/me/img/\nphoto.jpg\n[me@linux ~]$ podman run --rm -v /home/me/img:/home/me/img:Z localhost/foobar:ubuntu1804 gm convert -resize 50% /home/me/img/photo.jpg /home/me/img/resized_photo.jpg\n[me@linux ~]$ ls /home/me/img/\nphoto.jpg\nphoto_resized.jpg\n[me@linux ~]$ \n``` \n\nShow the GraphicsMagick version\n\n``` \n[me@linux ~]$ podman run --rm localhost/foobar:ubuntu1804 gm version | head -1\nGraphicsMagick 1.3.28 2018-01-20 Q16 http://www.GraphicsMagick.org/\n``` \n\n#### Example Alpine : Resize a photo with GraphicsMagick\n\nLet's use the [previously built](#example-alpine--install-graphicsmagick-with-podman-build) container image __localhost/foobar:alpine3__\n\n```\n[me@linux ~]$ podman images --filter reference=localhost/foobar:alpine3\nREPOSITORY TAG IMAGE ID CREATED SIZE\nlocalhost/foobar alpine3 93a5ac124e03 2 hours ago 24.8 MB\n[me@linux ~]$ \n``` \n\nto resize the photo _/home/me/img/photo.jpg_\n\n```\n[me@linux ~]$ ls /home/me/img/\nphoto.jpg\n[me@linux ~]$ podman run --rm -v /home/me/img:/home/me/img:Z localhost/foobar:alpine3 gm convert -resize 50% /home/me/img/photo.jpg /home/me/img/resized_photo.jpg\n[me@linux ~]$ ls /home/me/img/\nphoto.jpg\nphoto_resized.jpg\n[me@linux ~]$ \n``` \n\nShow the GraphicsMagick version\n\n``` \n[me@linux ~]$ podman run --rm localhost/foobar:alpine3 gm version | head -1\nGraphicsMagick 1.3.33 2019-07-20 Q16 http://www.GraphicsMagick.org/\n``` \n\n# Search for a pre-built container image\n\nInstead of building your own container image you \ncan often find a pre-built container image in one of the popular container image registries.\n\n## Example: Search docker.io\nLet's search for a pre-built container image that has the software GraphicsMagick installed.\n\nA search for _GraphicsMagic_ on \nhttps://hub.docker.com/\nresults in a list of about 100 different container images from the registry _docker.io_.\nThe results are ordered in popularity.\nOne of the most popular at the time of writing is\nhttps://hub.docker.com/r/jameskyburz/graphicsmagick-alpine/tags\n\n\nIt has a few different versions. To the right-hand side of the web page, you see for instance the text\n\n`docker pull jameskyburz/graphicsmagick-alpine:v3.0.0`\n\nThat is the docker command to download (\"pull\") that version of the container image.\n\n`podman` is aiming to be a drop-in replacement for the `docker` command.\nWhen working with podman it is better to use the full path of the container image,\n i.e. always prepend \"_docker.io/_\" to the\ncontainer image names found at https://hub.docker.com/.\n\nIn other words, use\n\n_docker.io/jameskyburz/graphicsmagick-alpine:v3.0.0_\n\ninstead of\n\n_jameskyburz/graphicsmagick-alpine:v3.0.0_.\n\nThe corresponding podman command is therefore \n\n`podman pull docker.io/jameskyburz/graphicsmagick-alpine:v3.0.0`\n\nTo resize the photo _/home/me/img/photo.jpg_\n\n```\n[me@linux ~]$ ls /home/me/img/\nphoto.jpg\n[me@linux ~]$ podman run --rm -v /home/me/img:/home/me/img:Z docker.io/jameskyburz/graphicsmagick-alpine:v3.0.0 gm convert -resize 50% /home/me/img/photo.jpg /home/me/img/resized_photo.jpg\n[me@linux ~]$ ls /home/me/img/\nphoto.jpg\nphoto_resized.jpg\n[me@linux ~]$ \n``` \n# Security\n## Consider the risc of malicious code in pre-built container images\n\nContainer images under _docker.io/library/*_ are official Docker library images.\nNormally we should be able to trust those more than a container image published by\nan arbitrary user at _docker.io/username/containername:tag_.\n\nLuckily using `podman run` for executables of unknown origin in containers is safer\n\n```\n[me@linux ~]$ podman run --rm example.com/hacker/malicious:v1 malicious_executable\n```\n\nthan executing an untrusted executable directly\n\n```\n[me@linux ~]$ wget http://example.com/malicious_executable\n[me@linux ~]$ chmod 755 malicious_executable\n[me@linux ~]$ ./malicious_executable\n```\n\nThe reason is that `podman run` provides extra encapsulation protection.\n\n* Write access to directories on the host system need to be granted explicitly with (`--volume`, `-v`).\n* add more items here ...\n\n## How to run a command in a container image in a more secure and restricted way\n\nA command for resizing photos should not need access to the network.\nTo disable network access, add `--net none` as an argument to `podman run`.\n\n`podman run` can be restricted even further by for instance\n\n* --read-only=true\n* --security-opt=\n* --ulimit=option\n* --cap-drop=\n* --cpu-quota=\n* --shm-size=\n* --http-proxy=false\n* --volume (-v) can be made read-only\n* --security-opt=seccomp=profile.json\n* --security-opt=no-new-privileges\n\nMan page for `podman run`:\nhttps://github.com/containers/libpod/blob/master/docs/source/markdown/podman-run.1.md\n\n## How to save disk space\n\n### Easy tip: Use containers based on Alpine \n\nAlpine container images are very small. \n\n### Easy tip: Remove unnecessary container images\n\n`podman rmi imagename`\n\nExample: Removing container image _localhost/foobar:centos8_\n\n```\n[me@linux ~]$ podman images --filter reference=localhost/foobar:centos8\nREPOSITORY TAG IMAGE ID CREATED SIZE\nlocalhost/foobar centos8 b1d1374ebbbf 31 minutes ago 395 MB\n[me@linux ~]$ df -h --output=avail .\nAvail\n 9.0G\n[me@linux ~]$ podman rmi localhost/foobar:centos8\nUntagged: localhost/foobar:centos8\nDeleted: b1d1374ebbbf650b34b81f0a3a3cb8cfba0a5b98da57582c70373d6abe695459\n[me@linux ~]$ df -h --output=avail .\nAvail\n 9.2G\n[me@linux ~]$ \n```\n\nThe command\n`podman images --sort size`\nlists the images in size order.\n\nTo list the biggest container image\n\n```\n[me@linux ~]$ podman images --sort size | tail -1\n\u003cnone\u003e \u003cnone\u003e a4977efc66f2 8 days ago 1.56 GB\n[me@linux ~]$ \n\n```\n\n## How to save time\n\n### Speed up _podman build_ by reusing the package metadata cache\n\nThe first step of a container build is often to download metadata from\nthe package repositories and post-process the data.\n\nThis build step may take half a minute or so but luckily we can avoid it by reusing\nthe result.\n\nThe trick is to create the package metadata cache in advance and reuse it with an _overlay mount_.\n\n#### Example Fedora : Speed up _podman build_ by reusing the DNF metadata cache\n\nLet's assume we are building containers based on Fedora 31.\n\nFirst, create an empty directory, for instance _/home/me/f31cache_.\n\n```\n[me@linux ~]$ mkdir $HOME/f31cache\n[me@linux ~]$ \n```\n\nFill the directory with the most recent __dnf__ metadata cache for _Fedora 31_.\n\n```\n[me@linux ~]$ time podman run --rm -v $HOME/f31cache:/var/cache/dnf:Z registry.fedoraproject.org/fedora:31 dnf makecache\nFedora Modular 31 - x86_64 413 kB/s | 5.2 MB 00:12 \nFedora Modular 31 - x86_64 - Updates 3.0 MB/s | 4.0 MB 00:01 \nFedora 31 - x86_64 - Updates 16 MB/s | 22 MB 00:01 \nFedora 31 - x86_64 30 MB/s | 71 MB 00:02 \nLast metadata expiration check: 0:00:01 ago on Sat Mar 21 18:50:20 2020.\nMetadata cache created.\n\nreal\t0m36.327s\nuser\t0m0.152s\nsys\t0m0.076s\n[me@linux ~]$ \n```\n\nThe command took __36__ seconds to finish.\n\n```\n[me@linux ~]$ du -sh $HOME/f31cache\n212M\t/home/me/f31cache\n```\n\nThe directory consumes __212 MB__ of disk space.\n\nLet's rebuild the [previously built](#example-fedora--install-graphicsmagick-with-podman-build) container image __localhost/foobar:fedora31__, but\nnow by reusing the DNF metadata cache from _/home/me/f31cache_.\n\nCopy-paste these lines into the terminal\n\n```\necho \"FROM docker.io/library/fedora:31\nRUN dnf -y update \u0026\u0026 dnf -y install epel-release \u0026\u0026 dnf -y install GraphicsMagick \u0026\u0026 dnf clean all\n\" | time podman build -v $HOME/f31cache:/var/cache/dnf:O -t foobar:fedora31 -\n\n```\n\nThe `podman build` command finishes succesfully. `time` prints\n\n```\n0.17user 0.06system 0:00.22elapsed 104%CPU (0avgtext+0avgdata 42212maxresident)k\n0inputs+3232outputs (0major+6383minor)pagefaults 0swaps\n```\n\n__0.22 seconds__! Less than one second! No, that is too fast to believe it's true.\nWe need to add the flag `--no-cache` so that podman will actually rebuild the container image\nwithout reusing cached results.\n\nA second trial:\n\nCopy-paste these lines into the terminal\n\n```\necho \"FROM docker.io/library/fedora:31\nRUN dnf -y update \u0026\u0026 dnf -y install epel-release \u0026\u0026 dnf -y install GraphicsMagick \u0026\u0026 dnf clean all\n\" | time podman build --no-cache -v $HOME/f31cache:/var/cache/dnf:O -t foobar:fedora31 -\n\n```\n\nThe `podman build` command finishes succesfully. `time` prints\n\n```\n13.73user 3.20system 0:25.77elapsed 65%CPU (0avgtext+0avgdata 173404maxresident)k\n553208inputs+523056outputs (453major+320854minor)pagefaults 0swaps\n```\n\nAbout __26 seconds__!\n\nA normal build without `-v $HOME/f31y3:/var/cache/dnf:O` takes __52 seconds__.\n\n__Conclusion:__ Reusing the DNF metadata cache speeds things up.\n\nThe blog post [_Speeding up container image builds with Buildah_](https://www.redhat.com/sysadmin/speeding-container-buildah) provides more details.\n\n## Linux container images for the brave adventurous user not afraid of bugs\n\n| Container image | Size (MB) | Comment |\n| ---- | -- | -- |\n| registry.fedoraproject.org/fedora:rawhide | 207 | The latest development of Fedora (not yet released). :warning: Expect more bugs. |\n| docker.io/library/alpine:edge | 6 | The latest development of Alpine (not yet released). :warning: Expect more bugs. |\n| docker.io/library/debian:unstable | 123 | The latest development of Debian (not yet released). :warning: Expect more bugs. |\n\n## When to use the flags _-i_ (_--interactive_) and _-t_ (_--tty_)\n\nIf your program reads from _stdin_, use the command line flag `-i`\n\n```\n[me@linux ~]$ echo Just one line | podman run --rm -i docker.io/library/ubuntu:18.04 wc -l\n1\n[me@linux ~]$ \n```\n\nIf your program needs interaction over the terminal, use the command line flags `-t` and `-i`\n\n```\n[me@linux ~]$ podman run --rm -ti docker.io/library/ubuntu:18.04 /bin/bash -c 'echo -n \"Type something: \"; read aa; echo \"You typed: $aa\"'\nType something: abc\nYou typed: abc\n[me@linux ~]$ \n```\n\n:warning: Using the `-t` flag may slightly modify the output, by adding extra _carriage return_ characters.\nThis might be very surprising. The extra _carrage return_ (`\\r`) is not added by podman, but by\nthe terminal. \n\n```\n[me@linux ~]$ echo abc | od -c\n0000000 a b c \\n\n0000004\n[me@linux ~]$ podman run --rm docker.io/library/ubuntu:18.04 echo abc | od -c\n0000000 a b c \\n\n0000004\n[me@linux ~]$ podman run --rm -ti docker.io/library/ubuntu:18.04 echo abc | od -c\n0000000 a b c \\r \\n\n0000005\n[me@linux ~]$ \n```\n\n## The professional way, using Dockerfile and GitHub/GitLab\n### Using Github\n\nBoth [GitHub](https://github.com) and [GitLab](https://gitlab.com) provide a hosted version control system.\nThey are mainly used for hosting the source code of many software projects.\n\n#### Create a public GitHub repo with a Dockerfile\n\nFirst sign up for an (free) account on GitHub, if you haven't done so already. \nOn the [front page](https://github.com/) you will see a green button labeled \"_Sign up for GitHub_\".\n\nThen create a new repo\nhttps://help.github.com/en/github/getting-started-with-github/create-a-repo\n\nAt step nr 4: _Choose a repository visbility._ choose _Public_.\n\nAt step nr 7: choose _Commit directly to the master branch_ instead of _Create a new branch for this commit and start a pull request_.\n\nIn the web interface, create a new file named _Dockerfile_.\n\n\nYet to be written ...\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feriksjolund%2Fusing-podman-quick-instructions","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feriksjolund%2Fusing-podman-quick-instructions","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feriksjolund%2Fusing-podman-quick-instructions/lists"}