mongodb
diff --git a/‎scripts/dev/configure_container_auth.sh‎
Lines changed: 14 additions & 50 deletions b/‎scripts/dev/configure_container_auth.sh‎
Lines changed: 14 additions & 50 deletions
diff --git a/‎scripts/dev/setup_ibm_container_runtime.sh‎
Lines changed: 65 additions & 14 deletions b/‎scripts/dev/setup_ibm_container_runtime.sh‎
Lines changed: 65 additions & 14 deletions
@@ -22,16 +22,14 @@ setup_validate_container_runtime() {
         echo "Error: Podman is not available but was specified"
         exit 1
       fi
-      USE_SUDO=true
-      CONFIG_PATH="/root/.config/containers/auth.json"
-      echo "Using Podman for container authentication (sudo mode)"
+      CONFIG_PATH="${HOME}/.config/containers/auth.json"
+      echo "Using Podman for container authentication (rootless mode)"
       ;;
     "docker")
       if ! command -v docker &> /dev/null; then
         echo "Error: Docker is not available but was specified"
         exit 1
       fi
-      USE_SUDO=false
       CONFIG_PATH="${HOME}/.docker/config.json"
       echo "Using Docker for container authentication"
       ;;
@@ -41,41 +39,7 @@ setup_validate_container_runtime() {
       ;;
   esac
 
-  if [[ "${USE_SUDO}" == "true" ]]; then
-    sudo mkdir -p "$(dirname "${CONFIG_PATH}")"
-  else
-    mkdir -p "$(dirname "${CONFIG_PATH}")"
-  fi
-}
-
-# Wrapper function to execute commands with or without sudo
-exec_cmd() {
-  if [[ "${USE_SUDO}" == "true" ]]; then
-    sudo env PATH="${PATH}" "$@"
-  else
-    "$@"
-  fi
-}
-
-# Wrapper function to read files with or without sudo
-read_file() {
-  local file="$1"
-  if [[ "${USE_SUDO}" == "true" ]]; then
-    sudo cat "${file}"
-  else
-    cat "${file}"
-  fi
-}
-
-# Wrapper function to write files with or without sudo
-write_file() {
-  local content="$1"
-  local file="$2"
-  if [[ "${USE_SUDO}" == "true" ]]; then
-    echo "${content}" | sudo tee "${file}" > /dev/null
-  else
-    echo "${content}" > "${file}"
-  fi
+  mkdir -p "$(dirname "${CONFIG_PATH}")"
 }
 
 remove_element() {
@@ -84,11 +48,11 @@ remove_element() {
   tmpfile=$(mktemp)
 
   if [[ ! -f "${CONFIG_PATH}" ]]; then
-    write_file '{}' "${CONFIG_PATH}"
+    echo '{}' > "${CONFIG_PATH}"
   fi
 
-  exec_cmd jq 'del(.'"${config_option}"')' "${CONFIG_PATH}" > "${tmpfile}"
-  exec_cmd cp "${tmpfile}" "${CONFIG_PATH}"
+  jq 'del(.'"${config_option}"')' "${CONFIG_PATH}" > "${tmpfile}"
+  cp "${tmpfile}" "${CONFIG_PATH}"
   rm "${tmpfile}"
 }
 
@@ -97,7 +61,7 @@ registry_login() {
   local registry="$2"
 
   if [[ "${CONTAINER_RUNTIME}" == "podman" ]]; then
-    exec_cmd podman login --authfile "${CONFIG_PATH}" --username "${username}" --password-stdin "${registry}"
+    podman login --authfile "${CONFIG_PATH}" --username "${username}" --password-stdin "${registry}"
   else
     docker login --username "${username}" --password-stdin "${registry}"
   fi
@@ -106,13 +70,13 @@ registry_login() {
 setup_validate_container_runtime
 
 if [[ ! -f "${CONFIG_PATH}" ]]; then
-  write_file '{}' "${CONFIG_PATH}"
+  echo '{}' > "${CONFIG_PATH}"
 fi
 
 if [[ -f "${CONFIG_PATH}" ]]; then
   if [[ "${RUNNING_IN_EVG:-"false"}" != "true" ]]; then
     echo "Checking if container registry credentials are valid..."
-    ecr_auth=$(exec_cmd jq -r '.auths."268558157000.dkr.ecr.us-east-1.amazonaws.com".auth // empty' "${CONFIG_PATH}")
+    ecr_auth=$(jq -r '.auths."268558157000.dkr.ecr.us-east-1.amazonaws.com".auth // empty' "${CONFIG_PATH}")
 
     if [[ -n "${ecr_auth}" ]]; then
       http_status=$(curl --head -s -o /dev/null -w "%{http_code}" --max-time 3 "https://268558157000.dkr.ecr.us-east-1.amazonaws.com/v2/dev/mongodb-kubernetes/manifests/latest" \
@@ -132,10 +96,10 @@ if [[ -f "${CONFIG_PATH}" ]]; then
 
   # There could be some leftovers on Evergreen (Docker-specific, skip for Podman)
   if [[ "${CONTAINER_RUNTIME}" == "docker" ]]; then
-    if exec_cmd grep -q "credsStore" "${CONFIG_PATH}"; then
+    if grep -q "credsStore" "${CONFIG_PATH}"; then
       remove_element "credsStore"
     fi
-    if exec_cmd grep -q "credHelpers" "${CONFIG_PATH}"; then
+    if grep -q "credHelpers" "${CONFIG_PATH}"; then
       remove_element "credHelpers"
     fi
   fi
@@ -149,7 +113,7 @@ aws ecr get-login-password --region "us-east-1" | registry_login "AWS" "26855815
 # by default docker tries to store credentials in an external storage (e.g. OS keychain) - not in the config.json
 # We need to store it as base64 string in config.json instead so we need to remove the "credsStore" element
 # This is Docker-specific behavior, Podman stores credentials directly in auth.json
-if [[ "${CONTAINER_RUNTIME}" == "docker" ]] && exec_cmd grep -q "credsStore" "${CONFIG_PATH}"; then
+if [[ "${CONTAINER_RUNTIME}" == "docker" ]] && grep -q "credsStore" "${CONFIG_PATH}"; then
   remove_element "credsStore"
 
   # login again to store the credentials into the config.json
@@ -164,8 +128,8 @@ if [[ -n "${PRERELEASE_PULLSECRET_DOCKERCONFIGJSON:-}" ]]; then
   quay_io_auth_file=$(mktemp)
   config_tmp=$(mktemp)
   echo "${PRERELEASE_PULLSECRET_DOCKERCONFIGJSON}" | base64 -d > "${quay_io_auth_file}"
-  exec_cmd jq -s '.[0] * .[1]' "${quay_io_auth_file}" "${CONFIG_PATH}" > "${config_tmp}"
-  exec_cmd mv "${config_tmp}" "${CONFIG_PATH}"
+  jq -s '.[0] * .[1]' "${quay_io_auth_file}" "${CONFIG_PATH}" > "${config_tmp}"
+  mv "${config_tmp}" "${CONFIG_PATH}"
   rm "${quay_io_auth_file}"
 fi
 
 
@@ -2,42 +2,93 @@
 
 set -Eeou pipefail
 
+echo "=========================================="
+echo "Setting up IBM container runtime (rootless)"
+echo "=========================================="
+
+# Setup XDG_RUNTIME_DIR for rootless podman
+# This directory must exist and be writable for rootless containers
+setup_runtime_dir() {
+  local uid
+  uid=$(id -u)
+  local runtime_dir="/run/user/${uid}"
+
+  if [[ ! -d "${runtime_dir}" ]]; then
+    echo "Creating XDG_RUNTIME_DIR: ${runtime_dir}"
+    sudo mkdir -p "${runtime_dir}"
+    sudo chown "$(whoami):$(whoami)" "${runtime_dir}"
+    sudo chmod 700 "${runtime_dir}"
+  elif [[ ! -w "${runtime_dir}" ]]; then
+    echo "Fixing permissions on XDG_RUNTIME_DIR: ${runtime_dir}"
+    sudo chown "$(whoami):$(whoami)" "${runtime_dir}"
+    sudo chmod 700 "${runtime_dir}"
+  fi
+
+  export XDG_RUNTIME_DIR="${runtime_dir}"
+  echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}"
+
+  # Create containers subdirectory
+  mkdir -p "${runtime_dir}/containers" 2>/dev/null || true
+}
+
+setup_runtime_dir
+
 echo "Cleaning DNF cache..."
-sudo dnf clean all && sudo rm -r /var/cache/dnf
+sudo dnf clean all && sudo rm -rf /var/cache/dnf || true
 
 echo "Installing/upgrading crun..."
 sudo dnf upgrade -y crun --disableplugin=subscription-manager || \
 sudo dnf install -y crun --disableplugin=subscription-manager || \
 sudo yum upgrade -y crun --disableplugin=subscription-manager || \
 sudo yum install -y crun --disableplugin=subscription-manager
 
-if ! crun --version &>/dev/null; then
-  echo "❌ crun installation failed"
+# Find crun path - it might be in different locations
+crun_path=""
+for path in /usr/bin/crun /usr/local/bin/crun /bin/crun; do
+  if [[ -x "${path}" ]]; then
+    crun_path="${path}"
+    break
+  fi
+done
+
+if [[ -z "${crun_path}" ]]; then
+  # Try to find it
+  crun_path=$(command -v crun 2>/dev/null || true)
+fi
+
+if [[ -z "${crun_path}" || ! -x "${crun_path}" ]]; then
+  echo "❌ crun not found after installation"
+  echo "Searching for crun..."
+  find /usr -name "crun" -type f 2>/dev/null || true
   exit 1
 fi
 
-current_version=$(crun --version | head -n1)
+echo "Found crun at: ${crun_path}"
+current_version=$("${crun_path}" --version | head -n1)
 echo "✅ Using crun: ${current_version}"
 
-# Clean up any existing conflicting configurations
+# Clean up any existing conflicting configurations (user-level only for rootless)
 echo "Cleaning up existing container configurations..."
 rm -f ~/.config/containers/containers.conf 2>/dev/null || true
-sudo rm -f /root/.config/containers/containers.conf 2>/dev/null || true
-sudo rm -f /etc/containers/containers.conf 2>/dev/null || true
-
-crun_path=$(which crun)
-echo "Using crun path: ${crun_path}"
 
+# Configure for rootless podman with explicit crun path
 config="[containers]
 cgroup_manager = \"cgroupfs\"
 
 [engine]
-runtime = \"crun\""
+runtime = \"${crun_path}\""
 
 mkdir -p ~/.config/containers
 echo "${config}" > ~/.config/containers/containers.conf
 
-sudo mkdir -p /root/.config/containers
-echo "${config}" | sudo tee /root/.config/containers/containers.conf >/dev/null
+# Also set storage driver explicitly for rootless
+storage_config="[storage]
+driver = \"overlay\"
+runroot = \"${XDG_RUNTIME_DIR}/containers\"
+graphroot = \"${HOME}/.local/share/containers/storage\""
+
+echo "${storage_config}" > ~/.config/containers/storage.conf
 
-echo "✅ Configured crun"
+echo "✅ Configured crun for rootless podman"
+echo "Config written to ~/.config/containers/containers.conf"
+echo "Storage config written to ~/.config/containers/storage.conf"