#1009776 podman: Packages uidmap and slirp4netns should be full dependencies

Package:
podman
Source:
libpod
Description:
tool to manage containers and pods
Submitter:
Giuseppe
Date:
2024-09-17 11:33:02 UTC
Severity:
minor
Tags:
#1009776#5
Date:
2022-04-17 13:04:35 UTC
From:
To:
Dear Maintainer,

I really think packages uidmap and slirp4netns should be full-fledged dependencies for podman.

I say this because after installing podman and trying to run some containers in rootless mode I found myself fighting cryptic error messages that were solved by installing those two packages.

Thank you for all you're doing.

#1009776#10
Date:
2022-04-17 13:20:42 UTC
From:
To:
Control: tag -1 upstream
Control: severity -1 minor

My thinking when choosing dependencies was:

- podman has significant performance benefits when running as root
- the podman package dependencies should be as minimal as possible, in
particular on systems where podman is running as root.

I do sympathize with the cryptic error message. May I ask you to forward
your suggestion on wording directly to upstream at
https://github.com/containers/podman/issues ?

Please do let me know the upstream bug number and your thoughts on this.

Best,
-rt

#1009776#24
Date:
2022-04-17 13:48:38 UTC
From:
To:
My thinking was more along the lines of "If I'm going to run this as
root, I might as well run docker." And I saw podman rootless mode
kinda equivalent to the docker group when using docker. (But I am a
novice with podman, I pretty much just discovered it.)

If you want some comparisons, on Fedora podman rootless just works (I
don't actually know what dependencies they install, because I use it
to run one-off containers on my laptop -- the servers run docker)

The errors were not that cryptic by themselves but required some
googling to understand what binaries were missing and what packages
provided them. I think adding some instructions on the wiki
(https://wiki.debian.org/Podman) should be enough if dependencies are
to be minimal.

#1009776#29
Date:
2022-05-06 16:51:46 UTC
From:
To:
Indeed. When I ran into this in #983395, I was told here I’m supposed to
use sudo (or install Recommends, which IIRC are disabled in Docker
images), while the upstream told me I should use rootless mode.
Eventually I managed to get a change merged to improve the error
message, but I still find this a bit suboptimal. Just installing the
package should make the most desired mode work without fiddling with it,
and the upstream states that mode is rootless mode, hence uidmap and its
friend should be in Depends, not Recommends.

#1009776#34
Date:
2022-08-19 07:38:57 UTC
From:
To:
Control: tag -1 wontfix

I have to respectfully disagree here. In Debian, "Recommends" relationships
are installed by default, and your message indicates to me that you have
configured your system to not install them. It furthermore seems to me that
this bug is asking for a convenience that is making your non-standard setup
easier, while making other setups where podman is used only in 'root' mode,
impossible to install without idmap and friends.
I'm going to leave this bug open to remind myself to think about this from
time to time, but I still wanted to document my thinking process here more
clearly.

Thanks for your input nevertheless!

#1009776#43
Date:
2022-08-19 12:16:19 UTC
From:
To:
Hi,

Reinhard, thanks for your answer, but I believe you missed one bit of my
email:

This:

There’s another thing, which I mentioned but I should have made more
clear. The upstream states the rootless mode is the main mode of
operation, hence I think it should be available regardless of
Recommends, don’t you think?

Also, from what I gathered talking to Debian and Ubuntu users of podman
who are not DDs, many of them are frustrated by papercuts like this one,
so in general I think the package should be made to work as effortlessly
as possible. So even if the user hasn’t got Recommends installation
enabled, podman should probably be packaged not to make them stumble
upon this.

#1009776#48
Date:
2023-04-06 13:07:15 UTC
From:
To:
First of all, I'd say that rootless is the main differentiator from
Docker, but far from being a "main mode". Podman works equally well in
rootless and rootful configurations, with the latter being the mode that
one would use as a 1:1 Docker replacement, or in production environment
scenarios where more performant or advanced network configurations are
required.

Second, according to Policy § 7.2, "The Recommends field should list
packages that would be found together with this one in all but unusual
installations". If folks explicitly pass --no-install-recommends to apt
(or the equivalent preferences.d), then they get to keep the pieces when
things break; I wouldn't call that a papercut. The installation /is/
effortless out of the box, unless one decides that they want to do
something against the maintainer's recommendations, in which case they
should be able to, but with (a bit of) a price to pay.

Hard-Depending on dependencies that are not actually required in common
modes of operation, in this case e.g. servers using podman for
production services, doesn't serve our users -- it just forces
unnecessary cruft on their system, for little benefit to others.

Note that I'm not on a quest against rootless: a couple of years back,
on #987207, I argued to downgrade iptables from Depends to Recommends,
for the same reasons but to the benefit of rootless users: to avoid the
cruft in rootless configurations :)

So I'm definitely +1 to mark this as wontfix, FWIW.

Best,
Faidon
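
A preflight check for the situation discussed in this thread, where rootless podman fails until the uidmap and slirp4netns packages are installed. This is an added example, not part of any message in the bug log and not podman's own code; the function names are hypothetical, and the /etc/subuid and /etc/subgid check goes beyond what the thread covers (newuidmap and newgidmap only map ranges allocated in those files).

```shell
#!/bin/sh
# Added example: preflight check for rootless podman helpers on Debian.
# Function names are hypothetical; nothing here is part of podman.

# find_in_path BIN SEARCH_PATH: succeed if BIN is an executable file in
# one of the colon-separated directories of SEARCH_PATH.
find_in_path() (
    IFS=:; set -f
    for dir in $2; do
        [ -f "$dir/$1" ] && [ -x "$dir/$1" ] && exit 0
    done
    exit 1
)

# Print the Debian package for every helper binary that is missing,
# one package per line (newuidmap and newgidmap both ship in uidmap).
missing_rootless_packages() {
    for pair in newuidmap:uidmap newgidmap:uidmap slirp4netns:slirp4netns; do
        find_in_path "${pair%%:*}" "${1:-$PATH}" || echo "${pair##*:}"
    done | sort -u
}

# has_subid_range USER FILE: succeed if USER has a non-empty range in a
# subuid/subgid file (line format name:start:count).
has_subid_range() {
    awk -F: -v u="$1" '$1 == u && $3 > 0 { ok = 1 } END { exit !ok }' "$2" 2>/dev/null
}

# rootless_preflight USER [SEARCH_PATH] [SUBUID_FILE] [SUBGID_FILE]
# Reports what is missing and returns non-zero if anything is.
rootless_preflight() {
    rc=0
    pkgs=$(missing_rootless_packages "${2:-$PATH}")
    if [ -n "$pkgs" ]; then
        echo "missing helper binaries; install: $(echo $pkgs)"
        rc=1
    fi
    for f in "${3:-/etc/subuid}" "${4:-/etc/subgid}"; do
        has_subid_range "$1" "$f" || { echo "no range for $1 in $f"; rc=1; }
    done
    return $rc
}

# Run the check for the current user only when asked to.
if [ "${1:-}" = "--check" ]; then
    rootless_preflight "$(id -un)"
fi
```

Run it with `--check` as the user who will start the containers; it is most useful on systems or image builds where Recommends are not installed.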