Cannot install GD extension for PHP in Podman container

[Haraven]

Issue Description

I am trying to run a localhost PHP API which uses the GD extension to do draw some images.

I installed the necessary dependencies and installed, configured and enabled GD, but the PHP installation inside my Podman container doesn't have GD enabled.

However, when I send a request to my API using Postman, it returns this error:

Uncaught Error: Call to undefined function imagecreatetruecolor()

Steps to reproduce the issue

1. Write a dummy PHP script that uses GD extension methods like imagecreatetruecolor()
2. Configure the Dockerfile for Podman:

FROM php:8.3-apache

RUN apt-get update && apt-get install -y libpng-dev libonig-dev libjpeg-dev libfreetype6-dev

RUN docker-php-ext-configure gd --with-freetype --with-jpeg
RUN docker-php-ext-install gd
RUN docker-php-ext-enable gd

RUN a2enmod rewrite

WORKDIR /var/www/html

COPY . /var/www/html

RUN chown -R www-data:www-data /var/www/html

EXPOSE 80

RUN sed -i 's!/var/www/html!/var/www/html!g' /etc/apache2/sites-available/000-default.conf

3. build the container (podman build -t my-container .)
4. run it (podman start my-container)
5. try to send a request to the localhost:8080 PHP script

Describe the results you received

Running podman exec -it php-server bash and then typing php -i | grep -i gd yields no result (= GD it not enabled, as confirmed by the error returned by the API when I try to send a request to it - see issue description).

Describe the results you expected

The Podman PHP container should have correctly set up an Apache environment with PHP having the GD extension enabled.

podman info output

>podman info
host:
  arch: amd64
  buildahVersion: 1.37.2
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-1:2.1.12-1
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: e8896631295ccb0bfdda4284f1751be19b483264'
  cpuUtilization:
    idlePercent: 99.32
    systemPercent: 0.22
    userPercent: 0.46
  cpus: 22
  databaseBackend: sqlite
  distribution:
    distribution: garuda
    version: unknown
  eventLogger: journald
  freeLocks: 2045
  hostname: shelomoh-laptop
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.10.9-zen1-2-zen
  linkmode: dynamic
  logDriver: journald
  memFree: 8906608640
  memTotal: 24528547840
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.12.2-1
      path: /usr/lib/podman/aardvark-dns
      version: aardvark-dns 1.12.2
    package: netavark-1.12.2-1
    path: /usr/lib/podman/netavark
    version: netavark 1.12.2
  ociRuntime:
    name: crun
    package: crun-1.17-1
    path: /usr/bin/crun
    version: |-
      crun version 1.17
      commit: 000fa0d4eeed8938301f3bcf8206405315bc1017
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-2024_09_06.6b38f07-1
    version: |
      pasta 2024_09_06.6b38f07
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: false
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 24528285696
  swapTotal: 24528285696
  uptime: 1h 47m 56.00s (Approximately 0.04 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries: {}
store:
  configFile: /home/shelomoh/.config/containers/storage.conf
  containerStore:
    number: 3
    paused: 0
    running: 1
    stopped: 2
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/shelomoh/.local/share/containers/storage
  graphRootAllocated: 536870912000
  graphRootUsed: 97064775680
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 242
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/shelomoh/.local/share/containers/storage/volumes
version:
  APIVersion: 5.2.2
  Built: 1724352649
  BuiltTime: Thu Aug 22 21:50:49 2024
  GitCommit: fcee48106a12dd531702d729d17f40f6e152027f
  GoVersion: go1.23.0
  Os: linux
  OsArch: linux/amd64
  Version: 5.2.2

Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

Yes

Additional environment details

podman build -t php-server output: build.log

The log warns that gd is already installed when I try to enable it, but it's definitely not. When I try to look up the extension inside the Podman container, the destination folder for the extension has no gd. It looks like gd.so is being stripped after installation, though I don't understand why or how to prevent it.

Additional information

I've tried using different images (e.g., php:8.2-apache, php:8.3-apache, php:8.3-fpm (with apache2 installed separately), php:8.3-alpine). The issue seems more connected with the way the extension itself is being installed.

Also, not sure if relevant, but my laptop is using the Intel Core 9 Ultra 185h CPU. Maybe it's tied to CPU architecture in some way?

[Haraven]

Update: I managed to get it working, though I don't understand why.

If I run podman start my-container, the container correctly starts but GD isn't enabled.

If, however, I run podman run --replace -d --name my-container -p 8080:80 -v "/path/to/my-container:/var/www/html" my-container, the container starts correctly and GD is enabled.