
@tobwen
Last active April 1, 2019 01:52
HOWTO: install podman and dependencies rootless
#!/usr/bin/env bash
# for Debian 9: apt install -t stretch-backports uidmap [others will follow soon]
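# Go workspace; every project below is checked out under $GOPATH/src.
export GOPATH="$HOME/go"
# Go installs helper binaries into $GOPATH/bin, so that directory (not the
# workspace root, which holds no executables) is what belongs on PATH.
export PATH="$PATH:$GOPATH/bin"
mkdir -p "$GOPATH"

# GitHub "owner/repo" paths of the projects to build. No tag or commit is
# pinned, so each run builds whatever the default branch currently holds.
buildah_src="containers/buildah"
catatonit_src="openSUSE/catatonit"
cni_src="containernetworking/plugins"
conmon_src="containers/conmon"
fuse_overlayfs_src="containers/fuse-overlayfs"
podman_src="containers/libpod"
runc_src="opencontainers/runc"
slirp4netns_src="rootless-containers/slirp4netns"

# Install prefix handed to the builds as DESTDIR.
target="$HOME/podman/"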
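#######################################
# Clone or update one GitHub project under $GOPATH and run its build command.
#
# The clone takes the tip of the default branch (no tag or commit is pinned),
# and the build command then runs that project's build scripts with the
# privileges of the invoking user.
#
# Globals:   GOPATH (read)
# Arguments: $1 - GitHub "owner/repo" path
#            $2 - build command string, evaluated inside the checkout
# Outputs:   progress messages on stdout, usage errors on stderr
# Returns:   0 when the project was built or is already up to date,
#            1 when cloning, updating or building failed
#######################################
function buildme() {
  local repo=$1
  local build_cmd=$2
  local src check

  # Without a repo name $src would be the shared parent directory, which the
  # rm -rf below must never touch.
  if [[ -z "$repo" ]]; then
    echo "buildme: missing repository name." >&2
    return 1
  fi
  src="$GOPATH/src/github.com/$repo"

  # A "dirty" marker left by a failed build forces a fresh clone.
  if [ -f "$src/dirty" ]; then
    rm -rf -- "${src:?}"
  fi

  if [ ! -d "$src" ]; then
    # A failed clone must stop here; otherwise the build step would run in
    # (and mark as dirty) whatever directory the caller is in.
    if ! git clone --depth=1 "https://github.com/$repo" "$src"; then
      echo "$repo has errored while cloning."
      return 1
    fi
    echo "$repo has been cloned."
  else
    # LC_ALL=C keeps git's "Already up to date" message untranslated so the
    # match below works in every locale. A failed pull is reported as such
    # instead of being mistaken for an update.
    if ! check=$(LC_ALL=C git -C "$src" pull 2>&1); then
      echo "$repo has errored while updating."
      return 1
    fi
    if grep -q '^Already' <<<"$check"; then
      echo "$repo doesn't need an update."
      return
    fi
    echo "$repo has been updated."
  fi

  # $build_cmd is evaluated as shell code: it must only ever be a string
  # assembled by this script, never text taken from outside it.
  if cd "$src" && eval "$build_cmd"; then
    echo "$repo has been built and installed."
  else
    echo "$repo has errored while building."
    # Absolute path: a bare "dirty" would land in the caller's directory
    # whenever the cd above failed.
    [ -d "$src" ] && touch "$src/dirty"
    return 1
  fi
}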
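#######################################
# Read all of stdin (typically a here-document) into the named variable.
# Arguments: $1 - name of the variable to assign
# Returns:   always 0; read reports non-zero at end of input because no NUL
#            delimiter is found, which is the expected case here
#######################################
function define() {
  # IFS has to be empty to keep the text verbatim. A single-quoted '\n' is
  # not a newline but the two characters "\" and "n", which makes read drop
  # a trailing "n" or "\" from input that does not end in a newline.
  IFS= read -r -d '' "${1}" || true
}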
#######################################
# Print the argument quoted so the shell reads it back as a single word.
# Arguments: $1 - string to quote
# Outputs:   the quoted string on stdout, without a trailing newline
#######################################
function @q() {
  # ${parameter@Q} is bash's quoting transformation.
  printf '%s' "${1@Q}"
}
# Drop one trailing slash from the install prefix.
target="${target%/}"
# Every section below follows the same pattern:
#   1. "define cmd" reads the here-document into $cmd. The delimiter is
#      unquoted, so ${target@Q} and $(@q ...) are expanded right here and
#      insert the install prefix already shell-quoted.
#   2. buildme passes $cmd to eval inside the checkout; the quoting added in
#      step 1 is what keeps a prefix with spaces or shell metacharacters a
#      single word at that point.
#   3. The call is wrapped in ( ... ) so the cd done by buildme stays inside
#      a subshell.
# build and install buildah
define cmd << EOF
make all && make install install.completions DESTDIR=${target@Q};
EOF
( buildme "$buildah_src" "$cmd" )
# build and install catatonit
define cmd << EOF
autoreconf -i && ./configure && make && make install DESTDIR=${target@Q};
EOF
( buildme "$catatonit_src" "$cmd" )
# build and install conmon
define cmd << EOF
make && make install DESTDIR=${target@Q};
EOF
( buildme "$conmon_src" "$cmd" )
# build and install containernetworking (CNI) plugins (this is NOT needed for rootless)
# The buildme call for this section is commented out, so the plugins are not
# built; $cmd is simply overwritten by the next section.
define cmd << EOF
./build_linux.sh;
mkdir -p $(@q "$target/usr/local/libexec/cni/");
cp bin/* $(@q "$target/usr/local/libexec/cni/");
EOF
# ( buildme "$cni_src" "$cmd" )
# build and install fuse-overlayfs
define cmd << EOF
./autogen.sh && ./configure && make && make install DESTDIR=${target@Q};
EOF
( buildme "$fuse_overlayfs_src" "$cmd" )
# build and install runc
# BUILDTAGS="... selinux ... " doesn't work for me right now (2019-03-24)
# The tags that are passed are seccomp, apparmor and ambient.
define cmd << EOF
make BUILDTAGS="seccomp apparmor ambient" all man && make install install-bash install-man DESTDIR=${target@Q};
EOF
( buildme "$runc_src" "$cmd" )
# build and install podman
define cmd << EOF
make && make install install.config install.completions DESTDIR=${target@Q};
EOF
( buildme "$podman_src" "$cmd" )
# build and install slirp4netns
# Unlike the other sections, autogen and configure are separated by ";" here,
# so make still runs when one of them fails.
define cmd << EOF
./autogen.sh;
./configure;
make && make install DESTDIR=${target@Q};
EOF
( buildme "$slirp4netns_src" "$cmd" )
# install CNI conf file for podman (this is NOT needed for rootless)
# NOTE(review): this copy runs unconditionally, although the CNI plugin build
# earlier in the script is commented out; cp fails if the podman checkout or
# the conflist file is missing.
mkdir -p "$target/etc/cni/net.d/"
cp "$GOPATH/src/github.com/$podman_src/cni/87-podman-bridge.conflist" "$target/etc/cni/net.d/"
# install registries and a permissive policy
# registries.conf: docker.io and quay.io are the search registries for
# unqualified image names; the insecure and block lists are empty.
# NOTE(review): with a search list, a short image name can resolve to
# whichever listed registry serves it; fully qualified image names avoid that
# ambiguity.
# The here-document delimiter is quoted, so the file is written verbatim.
mkdir -p "$target/etc/containers"
cat << 'EOF' > "$target/etc/containers/registries.conf"
[registries.search]
registries = ['docker.io', 'quay.io']
[registries.insecure]
registries = []
#blocked (docker only)
[registries.block]
registries = []
EOF
# policy.json: "insecureAcceptAnything" is set both as the default requirement
# and for the docker-daemon transport, so every image is accepted without any
# signature check.
# NOTE(review): acceptable for a test setup; anywhere else consider a
# "reject" default with explicit "signedBy" requirements for the registries
# that are actually used.
cat << 'EOF' > "$target/etc/containers/policy.json"
{
"default": [
{ "type": "insecureAcceptAnything" }
],
"transports": {
"docker-daemon": {
"": [
{"type": "insecureAcceptAnything"}
]
}
}
}
EOF