CLI doesn't run successfully locally on MacOS w/Podman Desktop

tl;dr installed podman desktop and circleci local execute doesn’t work

Installed podman desktop with Docker plugin, can run Docker commands fine (docker ps, docker run etc).

Trying to run circleci local execute fails due to insufficient permission.

$ circleci local execute --config .circleci/config.yml --org-id LONG-STRING_HERE  'path-filtering/filter'
Fetching latest build environment...
Docker image digest: sha256:008ba7f4223f1e26c11df9575283491b620074fa96da6961e0dcde47fb757014
====>> Spin up environment
Build-agent version  ()
process panic
goroutine 1 [running]:
runtime/debug.Stack()
        /usr/local/go/src/runtime/debug/stack.go:24 +0x65
github.com/circleci/build-agent/cmd/internal/setup.PanicHandler()
        /mnt/ramdisk/circleci/project/cmd/internal/setup/handlers.go:23 +0x85
panic({0x156abe0, 0xc0004cb270})
        /usr/local/go/src/runtime/panic.go:1038 +0x215
github.com/circleci/build-agent/outer/docker.NewDockerExecutorWithClient({{{{0xc0000460a8, 0x15}, {{...}, {...}, 0x0, 0x1, {...}, {...}, {...}, {...}, ...}, ...}, ...}, ...}, ...)
        /mnt/ramdisk/circleci/project/outer/docker/docker.go:67 +0x699
github.com/circleci/build-agent/outer/docker.NewDockerExecutor({{{{0xc0000460a8, 0x15}, {{...}, {...}, 0x0, 0x1, {...}, {...}, {...}, {...}, ...}, ...}, ...}, ...}, ...)
        /mnt/ramdisk/circleci/project/outer/docker/docker.go:103 +0xdc
github.com/circleci/build-agent/outer.newExecutor({_, _}, {{{{0xc0000460a8, 0x15}, {{...}, {...}, 0x0, 0x1, {...}, {...}, ...}, ...}, ...}, ...}, ...)
        /mnt/ramdisk/circleci/project/outer/run.go:369 +0x265
github.com/circleci/build-agent/outer.ConfigureAndRun({_, _}, {{0xc0000cbf50, 0x15}, {0x0, 0x0}, {0xc000046108, 0x16}, {0x0, 0x0}, ...})
        /mnt/ramdisk/circleci/project/outer/run.go:219 +0x17ad
github.com/circleci/build-agent/cmd/internal/outer/local.runExecuteJob(0xc0002e5c00, 0x0, {0x1987540, 0x0})
        /mnt/ramdisk/circleci/project/cmd/internal/outer/local/execute.go:125 +0x2b6
github.com/circleci/build-agent/cmd/internal/outer/local.NewExecuteJobCmd.func1(0xc0003a0c80, {0x165cc0d, 0x5, 0x5})
        /mnt/ramdisk/circleci/project/cmd/internal/outer/local/execute.go:64 +0x29
github.com/spf13/cobra.(*Command).execute(0xc0003a0c80, {0xc000524b90, 0x5, 0x5})
        /home/circleci/go/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:856 +0x60e
github.com/spf13/cobra.(*Command).ExecuteC(0xc0003a0a00)
        /home/circleci/go/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:974 +0x3bc
github.com/spf13/cobra.(*Command).Execute(...)
        /home/circleci/go/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:902
github.com/circleci/build-agent/cmd.Execute()
        /mnt/ramdisk/circleci/project/cmd/root.go:64 +0x2cf
main.main()
        /mnt/ramdisk/circleci/project/main.go:14 +0xca

Unfortunately that error is completely meaningless, so I had to make a wrapper for Docker to have it output what command is running, then modify it to add a --verbose argument to be passed to the container being run, after which the CircleCI app in the CircleCI container finally told me it was having a permissions issue writing to a unix sock file.

Changing permissions on sock file didn’t help, but adding --privileged did, so modified wrapper again to pass that option on docker run ....

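#!/usr/bin/env bash
# Usage:
#   $ export PATH="$HOME/bin:$PATH"
#   $ docker ....

# Remove this wrapper's directory from PATH so "docker" below is the real CLI.
export PATH="$(echo "$PATH" | sed -E "s?$HOME/bin:??")"
# Trace the final command line so the arguments passed to docker are visible.
set -x
cmd="$1"; shift
if [ "$cmd" = "run" ] ; then
    # Every "docker run" issued through this wrapper gets --privileged.
    exec docker "$cmd" --privileged "$@"
else
    exec docker "$cmd" "$@"
fi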

Finally the container would start and begin running, but then circleci local command fails due to naming convention problem with network:

$ circleci local execute --config .circleci/config.yml --org-id LONG-STRING-HERE  'path-filtering/filter'
Fetching latest build environment...
Docker image digest: sha256:008ba7f4223f1e26c11df9575283491b620074fa96da6961e0dcde47fb757014
+ cmd=run
+ shift
+ '[' run = run ']'
+ exec docker run --privileged --rm --mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock --mount type=bind,src=/var/folders/jk/5jpk49vj5_j58_k4vbdr2wl80000gq/T/380038945_circleci_config.yml,dst=/var/folders/jk/5jpk49vj5_j58_k4vbdr2wl80000gq/T//local_build_config.yml --mount type=bind,src=/Users/ME/git/REPO,dst=/Users/ME/git/REPO --mount type=bind,src=/Users/ME/.circleci,dst=/root/.circleci --workdir /Users/ME/git/REPO circleci/picard@sha256:008ba7f4223f1e26c11df9575283491b620074fa96da6961e0dcde47fb757014 circleci build --config /var/folders/jk/5jpk49vj5_j58_k4vbdr2wl80000gq/T//local_build_config.yml --job path-filtering/filter path-filtering/filter
====>> Spin up environment
Build-agent version  ()
System information:
 Server Version: 4.9.3
 Storage Driver: overlay
  Backing Filesystem: xfs
 Cgroup Driver: systemd
 Cgroup Version: 2
 Kernel Version: 6.7.7-200.fc39.aarch64
 Operating System: fedora
 OSType: linux
 Architecture: arm64

Error:
Unexpected environment preparation error: error creating ephemeral network bridge: error creating ephemeral docker network: Error response from daemon: network name ZZZ_localbuild-1710826159/607A0043 invalid: names must match [a-zA-Z0-9][a-zA-Z0-9_.-]*: invalid argument

Step failed
Task failed
Error: Unhandled prepare executor error: error creating ephemeral network bridge: error creating ephemeral docker network: Error response from daemon: network name ZZZ_localbuild-1710826159/607A0043 invalid: names must match [a-zA-Z0-9][a-zA-Z0-9_.-]*: invalid argument

Don’t know how to get past this as it’s not running a docker command on the host. I suppose I could write an entire custom implementation of the Docker protocol to intercept this network name being created, but that’s a lot of work…

Can we get a way to generate network names according to the above naming convention?

This is apparently a known issue with circleci local cli since a year ago: Creating a network bridge fails with '/' (forward slash) character in name · Issue #17806 · containers/podman · GitHub
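
An added example, not part of the original post and not CircleCI's code: the wrapper in the post adds --privileged to every docker run, while this variant adds it only when the circleci/picard image from the trace is being started. The function names and the choice to match the image reference in any argument position are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): a docker wrapper that adds
# --privileged only when the CircleCI build-agent image is being run.
# Install as "$HOME/bin/docker" with "$HOME/bin" first in PATH, as in the post.

# Assumption: image name taken from the docker run trace shown in the post.
AGENT_IMAGE="circleci/picard"

# Succeed if any argument references the agent image: bare name, name:tag
# or name@digest. Lookalikes such as circleci/picard-x do not match.
# Limitation: every argument is checked, not only the image position.
is_agent_run() {
    for arg in "$@"; do
        case "$arg" in
            "$AGENT_IMAGE" | "$AGENT_IMAGE":* | "$AGENT_IMAGE"@*) return 0 ;;
        esac
    done
    return 1
}

main() {
    # Drop the wrapper's directory so "docker" resolves to the real CLI.
    PATH="$(printf '%s' "$PATH" | sed -E "s?$HOME/bin:??")"
    export PATH
    if [ "${1:-}" = run ]; then
        shift
        if is_agent_run "$@"; then
            # Log the elevation so it is visible in the terminal session.
            echo "docker wrapper: adding --privileged for $AGENT_IMAGE" >&2
            exec docker run --privileged "$@"
        fi
        exec docker run "$@"
    fi
    exec docker "$@"
}

# Act as the wrapper only when installed under the name "docker".
if [ "${0##*/}" = docker ]; then
    main "$@"
fi
```

All other containers started through the wrapper keep their default privileges, and each elevated run is reported on stderr.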