Use transient mode in podman.

files/podman-clean-transient.service

@@ -0,0 +1,20 @@
+# This service runs once each boot to remove potential leftover
+# container state from previous boots.
+
+# This is needed as we're using transient mode in podman where the
+# database and other configs are stored in tmpfs, but some other files
+# are not. If we don't run this after ane unclean boot then there may
+# be leftover files that collect over time.
+
+[Unit]
+Description=Clean up podman transient data
+RequiresMountsFor=%t/containers
+Requires=boot-complete.target
+After=local-fs.target boot-complete.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/podman system prune --external
+
+[Install]
+WantedBy=multi-user.target

files/storage.conf

@@ -3,6 +3,11 @@
 driver = "overlay"
 runroot = "/run/containers/storage"
 graphroot = "/var/lib/containers/storage"
+# Enables a global transient storaga mode where all container metadata is stored on non-persistant media
+# This guaranteea a fresh state on boot.
+# However it is not compabible with a traditional model where containers persist across reboots.
+# Use with `podman-clean-transient.service`
+transient_store = true
 
 [storage.options]
 # We add a custom "/usr/share/containers/storage" here to allow readonly in-image containers

hosting/build.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+podman build --no-cache \
+       --build-arg commit=cs9-qemu-container-ostree.x86_64.repo \
+       -f ./hosting/Dockerfile \
+       -t j7s-os:latest .

images/container.mpp.yml

@@ -33,15 +33,15 @@ pipelines:
             - mpp-eval: distro_repos
             - mpp-eval: target_repos
             - mpp-eval: extra_repos
-            - - id: copr-quadlet
-                baseurl: https://download.copr.fedorainfracloud.org/results/alexl/quadlet/centos-stream-9-$arch/
+            - - id: copr-podman
+                baseurl: https://download.copr.fedorainfracloud.org/results/alexl/podman-snapshot/centos-stream-9-x86_64/
           packages:
             mpp-join:
             - mpp-eval: base_rpms
             - mpp-eval: image_rpms
             - mpp-eval: extra_rpms
             - - podman
-              - quadlet
+              - podman-quadlet
               - curl
           excludes:
           - dracut-config-rescue
@@ -53,11 +53,20 @@ pipelines:
         mpp-embed:
           id: storage.conf
           path: ../files/storage.conf
+      inlinefile2:
+        type: org.osbuild.files
+        origin: org.osbuild.source
+        mpp-embed:
+          id: podman-clean-transient.service
+          path: ../files/podman-clean-transient.service
     options:
       paths:
       - from:
           mpp-format-string: input://inlinefile/{embedded['storage.conf']}
         to: tree:///etc/containers/storage.conf
+      - from:
+          mpp-format-string: input://inlinefile2/{embedded['podman-clean-transient.service']}
+        to: tree:///etc/systemd/system/podman-clean-transient.service
   - type: org.osbuild.copy
     inputs:
       inlinefile:
@@ -111,5 +120,6 @@ pipelines:
       enabled_services:
       - NetworkManager.service
       - rngd.service
+      - podman-clean-transient
 - mpp-import-pipelines:
     path: include/image.ipp.yml

k8s/run.sh

@@ -4,5 +4,5 @@ sudo podman run --rm \
      -v $PWD:/project:Z \
      -w /project \
      localhost/j7s-os-builder:latest \
-     make cs9-qemu-minimal-ostree.x86_64.repo
+     make cs9-qemu-container-ostree.x86_64.repo