11 KiB

Raw Blame History

Container Builds

Overview

NIP supports building packages in isolated containers using Podman, Docker, or containerd. This provides a clean, reproducible build environment without installing build tools on your host system.

Why Use Container Builds?

Advantages:

✅ No build tools needed on host system
✅ Complete isolation from host
✅ Reproducible builds
✅ Rootless with Podman (no root required)
✅ Clean host system
✅ Easy cleanup

Perfect for:

Arch Linux users wanting Gentoo builds
Testing packages before committing
CI/CD pipelines
Multi-user systems
Security-conscious users

Quick Start

1. Install Container Runtime

# Arch Linux (Podman recommended)
sudo pacman -S podman

# Debian/Ubuntu
sudo apt install podman

# Gentoo
sudo emerge app-containers/podman

# Fedora
sudo dnf install podman

2. Build in Container

# NIP automatically uses containers when build tools aren't available
nip build vim +python --source=gentoo

# Or explicitly request container build
nip build vim +python --source=gentoo --container

Automatic Container Selection

When you try to build from source, NIP automatically offers container builds:

$ nip build vim +python --source=gentoo

⚠️  gentoo not found

NIP can help you set up gentoo builds:

1. 🚀 Install minimal tools via NIP (recommended)
   • Lightweight standalone emerge binary
   • Minimal portage snapshot
   • ~50MB download, ~100MB installed

2. 📦 Use containerized environment
   • podman 5.6.2 (rootless) detected
   • Isolated builds, no host installation
   • ~200MB download (first time)

3. 🔧 Install full gentoo manually
   • Follow: https://wiki.gentoo.org/wiki/Portage

4. 🔄 Try a different source
   • nip build vim --source=nix

Choose option (1-4) or 'q' to quit: 2

✅ Container runtime available: podman 5.6.2 (rootless)

📦 Container builds for gentoo are ready to use

Usage:
  nip build <package> --source=gentoo --container

The build will run in an isolated container automatically.

Container Runtimes

Podman (Recommended)

Why Podman:

✅ Rootless by default (no root required)
✅ Daemonless (no background service)
✅ Drop-in Docker replacement
✅ Better security
✅ OCI compliant

Install:

# Arch Linux
sudo pacman -S podman

# Debian/Ubuntu
sudo apt install podman

# Gentoo
sudo emerge app-containers/podman

Verify:

podman --version
nip container info

Docker

Why Docker:

✅ Widely supported
✅ Large ecosystem
✅ Well documented

Install:

# Arch Linux
sudo pacman -S docker
sudo systemctl enable --now docker
sudo usermod -aG docker $USER

# Debian/Ubuntu
sudo apt install docker.io
sudo systemctl enable --now docker
sudo usermod -aG docker $USER

Verify:

docker --version
nip container info

containerd (via nerdctl)

Why containerd:

✅ Lightweight
✅ Kubernetes-native
✅ Fast

Install:

# Arch Linux
sudo pacman -S containerd nerdctl

# Verify
nerdctl --version
nip container info

Container Commands

Check Container Support

# Show container runtime info
nip container info

# Detect all available runtimes
nip container detect

# List available build images
nip container list

Manage Images

# Pull build image
nip container pull gentoo
nip container pull nix

# List images
nip container list

# Remove image
nip container remove gentoo/stage3:latest

Build in Container

# Basic container build
nip build vim --source=gentoo --container

# With USE flags
nip build vim +python+ruby --source=gentoo --container

# With optimizations
nip build ffmpeg +vaapi+lto --source=gentoo --container

# Specify container runtime
nip build vim --container-runtime=podman --source=gentoo

Cleanup

# Clean up stopped containers
nip container clean

# Remove unused images
nip container prune

Build Environments

Gentoo Builds

# Pull Gentoo image
nip container pull gentoo

# Build with USE flags
nip build vim +python+ruby --source=gentoo --container

# Build with custom CFLAGS
nip build ffmpeg +vaapi --source=gentoo --container \
  --cflags="-O3 -march=native"

Image: gentoo/stage3:latest Size: ~200MB Features: Full Portage, USE flags, custom CFLAGS

Nix Builds

# Pull Nix image
nip container pull nix

# Build from Nix
nip build firefox --source=nix --container

Image: nixos/nix:latest Size: ~150MB Features: Reproducible builds, binary cache

PKGSRC Builds

# Pull PKGSRC image
nip container pull pkgsrc

# Build from PKGSRC
nip build vim --source=pkgsrc --container

Image: Custom PKGSRC image Size: ~180MB Features: BSD-style builds, portable

Configuration

User Configuration

Edit ~/.nip/config:

# Container preferences
container-runtime = "podman"  # podman, docker, containerd
container-auto-pull = true
container-keep-after-build = false

# Build preferences
prefer-container-builds = false
container-build-timeout = 3600  # seconds

Command-Line Options

# Force container build
nip build vim --container

# Specify runtime
nip build vim --container-runtime=podman

# Keep container after build
nip build vim --container --keep-container

# Custom image
nip build vim --container-image=gentoo/stage3:systemd

Advanced Usage

Custom Images

# Use custom Gentoo image
nip build vim --container-image=gentoo/stage3:systemd

# Use specific tag
nip build vim --container-image=gentoo/stage3:latest

Mount Directories

# Mount custom directory
nip build vim --container \
  --mount=/path/to/source:/build/source

# Mount multiple directories
nip build vim --container \
  --mount=/path/1:/build/1 \
  --mount=/path/2:/build/2

Environment Variables

# Set environment variables
nip build vim --container \
  --env=USE="python ruby" \
  --env=MAKEOPTS="-j8"

Resource Limits

# Limit CPU
nip build vim --container --cpus=4

# Limit memory
nip build vim --container --memory=4g

# Both
nip build vim --container --cpus=4 --memory=4g

Workflows

Arch Linux: Gentoo Builds in Containers

# Install Podman
sudo pacman -S podman

# Build optimized packages without installing Gentoo
nip build vim +python+ruby+lto --source=gentoo --container
nip build ffmpeg +vaapi+cpu-native --source=gentoo --container

# Packages are installed to /Programs/ as usual
# No Gentoo tools on your system!

Gentoo: Nix Packages in Containers

# Install Podman
sudo emerge app-containers/podman

# Get Nix packages without installing Nix
nip install firefox --source=nix --container
nip install vscode --source=nix --container

# Fast binary installations, no compilation

CI/CD Pipeline

# In your CI script
nip container pull gentoo
nip build myapp +production --source=gentoo --container
nip test myapp
nip package myapp

Troubleshooting

###Container Runtime Not Found

# Check if installed
podman --version
docker --version

# Check NIP detection
nip container detect

# Install if needed
sudo pacman -S podman

Permission Denied

# For Docker, add user to docker group
sudo usermod -aG docker $USER
newgrp docker

# For Podman, no special permissions needed (rootless)

Image Pull Fails

# Check network
ping registry.hub.docker.com

# Try different registry
nip container pull --registry=docker.io gentoo/stage3

# Manual pull
podman pull gentoo/stage3:latest

Build Fails in Container

# Check logs
nip build vim --container --verbose

# Keep container for debugging
nip build vim --container --keep-container

# Inspect container
podman ps -a
podman logs <container-id>

Out of Disk Space

# Clean up containers
nip container clean

# Remove unused images
podman image prune

# Check disk usage
podman system df

Performance Tips

Use Binary Cache

# Enable binary cache for Nix
nip config set nix-binary-cache true

# Use Gentoo binpkgs
nip config set gentoo-binpkgs true

Parallel Builds

# Set MAKEOPTS
nip build vim --container --env=MAKEOPTS="-j$(nproc)"

Reuse Images

# Pull images once
nip container pull gentoo
nip container pull nix

# Builds will reuse cached images
nip build vim --container
nip build emacs --container

Layer Caching

Container runtimes cache layers automatically:

First build: ~5-10 minutes
Subsequent builds: ~1-2 minutes

Security

Rootless Containers

# Podman runs rootless by default
podman info | grep rootless

# Check in NIP
nip container info

Isolation

# Containers are isolated from host
# No access to host filesystem except mounted directories
# Network isolation available

# Run with network isolation
nip build vim --container --network=none

Image Verification

# NIP verifies image checksums
# Container runtimes verify signatures

# Check image
podman image inspect gentoo/stage3:latest

Comparison: Native vs Container

Feature	Native Build	Container Build
Setup	Install tools	Install runtime
Isolation	System-wide	Complete
Speed	Faster	Slightly slower
Disk Usage	Lower	Higher
Cleanup	Manual	Automatic
Security	Lower	Higher
Reproducibility	Medium	High

Recommendation:

Use native builds for frequent development
Use container builds for testing and CI/CD
Use containers on Arch for Gentoo builds

Best Practices

1. Use Podman for Rootless

sudo pacman -S podman
nip config set container-runtime podman

2. Pull Images in Advance

nip container pull gentoo
nip container pull nix

3. Clean Up Regularly

nip container clean
podman system prune

4. Use Binary Cache

nip config set binary-cache true

5. Limit Resources

nip build --container --cpus=4 --memory=4g

Examples

Development Environment

# Install Podman
sudo pacman -S podman

# Build development tools in containers
nip build vim +python+ruby --source=gentoo --container
nip build emacs +gtk --source=gentoo --container

Testing Packages

# Test package in container before installing
nip build myapp --source=gentoo --container --keep-container

# If good, install normally
nip build myapp --source=gentoo

CI/CD

# .gitlab-ci.yml
build:
  script:
    - nip container pull gentoo
    - nip build myapp --source=gentoo --container
    - nip test myapp

Getting Help

Documentation

Commands

nip container --help
nip build --help

Support

Summary

Container builds provide:

✅ Clean host system - No build tools needed ✅ Complete isolation - Secure, reproducible builds ✅ Rootless operation - No root required with Podman ✅ Easy cleanup - Automatic container removal ✅ Cross-platform - Build Gentoo on Arch, Nix on Gentoo ✅ CI/CD ready - Perfect for automation

Get started:

sudo pacman -S podman
nip build vim +python --source=gentoo --container

That's it! NIP handles everything else automatically.

11 KiB Raw Blame History

Container Builds

Overview

Why Use Container Builds?

Quick Start

1. Install Container Runtime

2. Build in Container

Automatic Container Selection

Container Runtimes

Podman (Recommended)

Docker

containerd (via nerdctl)

Container Commands

Check Container Support

Manage Images

Build in Container

Cleanup

Build Environments

Gentoo Builds

Nix Builds

PKGSRC Builds

Configuration

User Configuration

Command-Line Options

Advanced Usage

Custom Images

Mount Directories

Environment Variables

Resource Limits

Workflows

Arch Linux: Gentoo Builds in Containers

Gentoo: Nix Packages in Containers

CI/CD Pipeline

Troubleshooting

Permission Denied

Image Pull Fails

Build Fails in Container

Out of Disk Space

Performance Tips

Use Binary Cache

Parallel Builds

Reuse Images

Layer Caching

Security

Rootless Containers

Isolation

Image Verification

Comparison: Native vs Container

Best Practices

1. Use Podman for Rootless

2. Pull Images in Advance

3. Clean Up Regularly

4. Use Binary Cache

5. Limit Resources

Examples

Development Environment

Testing Packages

CI/CD

Getting Help

Documentation

Commands

Support

Summary

11 KiB

Raw Blame History