summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile2
-rw-r--r--RELEASE_NOTES.md69
-rw-r--r--changelog.txt385
-rw-r--r--cmd/podman/attach.go2
-rw-r--r--cmd/podman/build.go2
-rw-r--r--cmd/podman/checkpoint.go2
-rw-r--r--cmd/podman/cleanup.go4
-rw-r--r--cmd/podman/commands.go1
-rw-r--r--cmd/podman/commit.go2
-rw-r--r--cmd/podman/cp.go2
-rw-r--r--cmd/podman/create.go2
-rw-r--r--cmd/podman/diff.go2
-rw-r--r--cmd/podman/exec.go2
-rw-r--r--cmd/podman/exists.go9
-rw-r--r--cmd/podman/export.go2
-rw-r--r--cmd/podman/generate_kube.go2
-rw-r--r--cmd/podman/history.go2
-rw-r--r--cmd/podman/import.go2
-rw-r--r--cmd/podman/inspect.go2
-rw-r--r--cmd/podman/kill.go2
-rw-r--r--cmd/podman/libpodruntime/runtime.go19
-rw-r--r--cmd/podman/load.go2
-rw-r--r--cmd/podman/login.go2
-rw-r--r--cmd/podman/logout.go2
-rw-r--r--cmd/podman/logs.go4
-rw-r--r--cmd/podman/mount.go2
-rw-r--r--cmd/podman/pause.go4
-rw-r--r--cmd/podman/play_kube.go4
-rw-r--r--cmd/podman/pod_inspect.go2
-rw-r--r--cmd/podman/pod_kill.go2
-rw-r--r--cmd/podman/pod_pause.go2
-rw-r--r--cmd/podman/pod_restart.go2
-rw-r--r--cmd/podman/pod_rm.go2
-rw-r--r--cmd/podman/pod_start.go2
-rw-r--r--cmd/podman/pod_stats.go2
-rw-r--r--cmd/podman/pod_stop.go2
-rw-r--r--cmd/podman/pod_top.go2
-rw-r--r--cmd/podman/pod_unpause.go2
-rw-r--r--cmd/podman/port.go2
-rw-r--r--cmd/podman/pull.go2
-rw-r--r--cmd/podman/push.go2
-rw-r--r--cmd/podman/restart.go2
-rw-r--r--cmd/podman/restore.go2
-rw-r--r--cmd/podman/rm.go2
-rw-r--r--cmd/podman/rmi.go2
-rw-r--r--cmd/podman/run.go2
-rw-r--r--cmd/podman/runlabel.go2
-rw-r--r--cmd/podman/save.go2
-rw-r--r--cmd/podman/search.go2
-rw-r--r--cmd/podman/sign.go2
-rw-r--r--cmd/podman/start.go2
-rw-r--r--cmd/podman/stats.go2
-rw-r--r--cmd/podman/stop.go2
-rw-r--r--cmd/podman/tag.go2
-rw-r--r--cmd/podman/top.go2
-rw-r--r--cmd/podman/umount.go2
-rw-r--r--cmd/podman/unpause.go2
-rw-r--r--cmd/podman/varlink.go2
-rw-r--r--cmd/podman/volume_create.go2
-rw-r--r--cmd/podman/volume_inspect.go2
-rw-r--r--cmd/podman/volume_rm.go2
-rw-r--r--cmd/podman/wait.go2
-rw-r--r--contrib/spec/podman.spec.in2
-rw-r--r--docs/libpod.conf.5.md6
-rw-r--r--docs/podman-import.1.md3
-rw-r--r--libpod.conf6
-rw-r--r--libpod/boltdb_state.go2
-rw-r--r--libpod/boltdb_state_internal.go11
-rw-r--r--libpod/info.go1
-rw-r--r--libpod/options.go22
-rw-r--r--libpod/runtime.go50
-rw-r--r--libpod/runtime_ctr.go5
-rw-r--r--libpod/state.go1
-rw-r--r--libpod/volume.go18
-rw-r--r--pkg/spec/createconfig.go2
-rw-r--r--pkg/util/utils.go26
-rw-r--r--vendor.conf4
-rw-r--r--vendor/github.com/containers/buildah/README.md29
-rw-r--r--vendor/github.com/containers/buildah/buildah.go2
-rw-r--r--vendor/github.com/containers/buildah/new.go2
-rw-r--r--vendor/github.com/containers/buildah/pkg/cli/common.go4
-rw-r--r--vendor/github.com/containers/buildah/pkg/secrets/secrets.go319
-rw-r--r--vendor/github.com/containers/buildah/pull.go4
-rw-r--r--vendor/github.com/containers/buildah/run.go10
-rw-r--r--vendor/github.com/containers/buildah/unshare/unshare_unsupported.go1
-rw-r--r--vendor/github.com/containers/buildah/vendor.conf2
-rw-r--r--vendor/github.com/containers/image/pkg/blobinfocache/memory.go20
-rw-r--r--vendor/github.com/containers/image/version/version.go2
-rw-r--r--version/version.go2
89 files changed, 1015 insertions, 146 deletions
diff --git a/Makefile b/Makefile
index f634fcc81..7e2c98b8a 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
GO ?= go
DESTDIR ?= /
-EPOCH_TEST_COMMIT ?= 4406e1cfeed18fe89c0ad4e20a3c3b2f4b9ffcae
+EPOCH_TEST_COMMIT ?= 174e8997aa0d8fc648564a9ac2a79ab786e87362
HEAD ?= HEAD
CHANGELOG_BASE ?= HEAD~
CHANGELOG_TARGET ?= HEAD
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index b8b475362..0bacad0d7 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,5 +1,74 @@
# Release Notes
+## 1.1.0
+### Features
+- Added `--latest` and `--all` flags to `podman mount` and `podman umount`
+- Rootless Podman can now forward ports into containers (using the same `-p` and `-P` flags as root Podman)
+- Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root `libpod.conf` if they are not explicitly set in the user's own `libpod.conf` ([#2174](https://github.com/containers/libpod/issues/2174))
+- Added an alias `-f` for the `--format` flag of the `podman info` and `podman version` commands
+- Added an alias `-s` for the `--size` flag of the `podman inspect` command
+- Added the `podman system info` and `podman system prune` commands
+- Added the `podman cp` command to copy files between containers and the host ([#613](https://github.com/containers/libpod/issues/613))
+- Added the `--password-stdin` flag to `podman login`
+- Added the `--all-tags` flag to `podman pull`
+- The `--rm` and `--detach` flags can now be used together with `podman run`
+- The `podman start` and `podman run` commands for containers in pods will now start dependency containers if they are stopped
+- Added the `podman system renumber` command to handle lock changes
+- The `--net=host` and `--dns` flags for `podman run` and `podman create` no longer conflict
+- Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by `ip netns add` when they are passed in via `podman run --net=ns:`
+
+### Bugfixes
+- Fixed a bug with `podman inspect` where different information would be returned when the container was running versus when it was stopped
+- Fixed a bug where errors in Go templates passed to `podman inspect` were silently ignored instead of reported to the user ([#2159](https://github.com/containers/libpod/issues/2159))
+- Fixed a bug where rootless Podman with `--pid=host` containers was incorrectly masking paths in `/proc`
+- Fixed a bug where full errors starting rootless `Podman` were not reported when a refresh was requested
+- Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
+- Fixed a bug where `podman prune` would prune all images not in use by a container, as opposed to only untagged images, by default ([#2192](https://github.com/containers/libpod/issues/2192))
+- Fixed a bug where `podman create --quiet` and `podman run --quiet` were not properly suppressing output
+- Fixed a bug where the `table` keyword in Go template output of `podman ps` was not working ([#2221](https://github.com/containers/libpod/issues/2221))
+- Fixed a bug where `podman inspect` on images pulled by digest would double-print `@sha256` in output when printing digests ([#2086](https://github.com/containers/libpod/issues/2086))
+- Fixed a bug where `podman container runlabel` will return a non-0 exit code if the label does not exist
+- Fixed a bug where container state was always reset to Created after a reboot ([#1703](https://github.com/containers/libpod/issues/1703))
+- Fixed a bug where `/dev/pts` was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
+- Fixed a bug where Podman run as root was ignoring some options in `/etc/containers/storage.conf` ([#2217](https://github.com/containers/libpod/issues/2217))
+- Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
+- Fixed a bug where `podman images --filter dangling=true` would crash if no dangling images were present ([#2246](https://github.com/containers/libpod/issues/2246))
+- Fixed a bug where `podman ps --format "{{.Mounts}}"` would not display a container's mounts ([#2238](https://github.com/containers/libpod/issues/2238))
+- Fixed a bug where `podman pod stats` was ignoring Go templates specified by `--format` ([#2258](https://github.com/containers/libpod/issues/2258))
+- Fixed a bug where `podman generate kube` would fail on containers with `--user` specified ([#2304](https://github.com/containers/libpod/issues/2304))
+- Fixed a bug where `podman images` displayed incorrect output for images pulled by digest ([#2175](https://github.com/containers/libpod/issues/2175))
+- Fixed a bug where `podman port` and `podman ps` did not properly display ports if the container joined a network namespace from a pod or another container ([#846](https://github.com/containers/libpod/issues/846))
+- Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
+- Fixed a bug where `podman create --rm` did not work with `podman start --attach`
+- Fixed a bug where invalid named volumes specified in `podman create` and `podman run` could cause segfaults ([#2301](https://github.com/containers/libpod/issues/2301))
+- Fixed a bug where the `runtime` field in `libpod.conf` was being ignored. `runtime` is legacy and deprecated, but will continue to be respected for the forseeable future
+- Fixed a bug where `podman login` would sometimes report it logged in successfully when it did not
+- Fixed a bug where `podman pod create` would not error on receiving unused CLI argument
+- Fixed a bug where rootless `podman run` with the `--pod` argument would fail if the pod was stopped
+- Fixed a bug where `podman images` did not print a trailing newline when not invoked on a TTY ([#2388](https://github.com/containers/libpod/issues/2388))
+- Fixed a bug where the `--runtime` option was sometimes not overriding `libpod.conf`
+- Fixed a bug where `podman pull` and `podman runlabel` would sometimes exit with 0 when they should have exited with an error ([#2405](https://github.com/containers/libpod/issues/2405))
+- Fixed a bug where rootless `podman export -o` would fail ([#2381](https://github.com/containers/libpod/issues/2381))
+- Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted `nosuid`, `nodev`, or `noexec` ([#2312](https://github.com/containers/libpod/issues/2312))
+- Fixed a bug where some files used by checkpoint and restore received improper SELinux labels ([#2334](https://github.com/containers/libpod/issues/2334))
+- Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location ([#2395](https://github.com/containers/libpod/issues/2395))
+
+### Misc
+- Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. `--net=container:`), you should run the `podman system renumber` command to migrate your containers to the new model - please reference the `podman-system-renumber(1)` man page for further details
+- Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
+- Updated Buildah to v1.7, picking up a number of bugfixes
+- Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
+- Updated containers/storage library to v1.10, picking up a number of bugfixes
+- Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
+- Added path masking to mounts with the `:z` and `:Z` options, preventing users from accidentally performing an SELinux relabel of their entire home directory
+- The `podman container runlabel` command will not pull an image if it does not contain the requested label
+- Many commands' usage information now includes examples
+- `podman rm` can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
+- The `podman search` command now searches multiple registries in parallel for improved performance
+- The `podman build` command now defaults `--pull-always` to true
+- Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propogate to all containers sharing their networks
+- The `podman rm` and `podman rmi` commands now return 1 (instead of 127) when all specified container or images are missing
+
## 1.0.0
### Features
- The `podman exec` command now includes a `--workdir` option to set working directory for the executed command
diff --git a/changelog.txt b/changelog.txt
index 8ee11cdc4..803aad796 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,388 @@
+- Changelog for v1.1.0 (2019-02-26)
+ * Vendor in latest buildah 1.7.1
+ * volume: do not create a volume if there is a bind
+ * Only remove image volumes when removing containers
+ * Fix podman logs -l
+ * start pod containers recursively
+ * Update release notes for v1.1.0
+ * vendor containers/image v1.5
+ * Record when volume path is explicitly set in config
+ * Add debug information when overriding paths with the DB
+ * Add path for named volumes to `podman info`
+ * Add volume path to default libpod.conf (and manpage)
+ * Validate VolumePath against DB configuration
+ * When location of c/storage root changes, set VolumePath
+ * docs: cross-reference `podman-{generate,play}-kube`
+ * README: refine "Out of scope" section
+ * oci: improve error message when the OCI runtime is not found
+ * Label CRIU log files correctly
+ * Add num_locks to the default libpod config
+ * podman-remote pod pause|unpause|restart
+ * podman: fix ro bind mounts if no* opts are on the source
+ * Change exit code to 1 on podman rmi nosuch image
+ * README.md: rephrase Buildah description
+ * README: update "out of scope" section
+ * Change exit code to 1 on podman rm nosuch container
+ * podman-remote create|ps
+ * remove duplicate commands in main
+ * issue template: run `podman info --debug`
+ * Fix play to show up in podman help
+ * Switch defaults for podman build versus buildah
+ * In shared networkNS /etc/resolv.conf&/etc/hosts should be shared
+ * Allow dns settings with --net=host
+ * Fix up handling of user defined network namespaces
+ * Enable more podman-remote pod commands
+ * tests, rootless: use relative path for export test
+ * rootless: force same cwd when re-execing
+ * Vendor Buildah v1.7
+ * Exit with errors not just logging error
+ * cmd: support rootless mode for cp command
+ * hide --latest on the remote-client
+ * Improve command line validation
+ * make remote-client error messaging more robust
+ * podman: --runtime has higher priority on runtime_path
+ * podman-remote pod inspect|exists
+ * Cirrus: Install Go 1.11 on Ubuntu VMs
+ * Cirrus: Add 20m extra timeout for Ubuntu
+ * Introduce how to start to hack on libpod.
+ * update: remove duplicate newline
+ * Fix typo in comment
+ * podman-remote load image
+ * Do not make renumber shut down the runtime
+ * Add podman system renumber command
+ * Add ability to get a runtime that renumbers
+ * Recreate SHM locks when renumbering on count mismatch
+ * Move RenumberLocks into runtime init
+ * Remove locks from volumes
+ * Expand renumber to also renumber pod locks
+ * Add ability to rewrite pod configs in the database
+ * Add initial version of renumber backend
+ * Add a function for overwriting container config
+ * enable podman-remote pod rm
+ * vendor containers/image v1.4
+ * Adjust LISTEN_PID for reexec in varlink mode
+ * Update c/storage vendor to v1.10 release
+ * add newline to images output
+ * podman-remote save [image]
+ * hack/tree_status.sh: preserve new lines
+ * remove duplicate kill from `podman --help`
+ * iopodman.SearchImages: add ImageSearchFilter to Varlink API
+ * image.SearchImages: use SearchFilter type
+ * SearchImages: extend API with filter parameter
+ * podman-search: refactor code to libpod/image/search.go
+ * podman-search: run in parallel
+ * Ensure that userns is created for stopped rootless pods
+ * Podman pod create now errors on receiving CLI args
+ * podman-remote pull
+ * Don't start running dependencies
+ * Fifth chunk of Cobra Examples
+ * Add 4th chunk of Cobra Examples
+ * OpenTracing support added to start, stop, run, create, pull, and ps
+ * packer: Make Makefile host arch sensitive
+ * Add 3rd chunk of Cobra examples
+ * pod infra container is started before a container in a pod is run, started, or attached.
+ * Add registry name to fields returned by varlink image search
+ * Second chunk of Cobra help
+ * podman: honor --storage-opt again
+ * docs: mention the new OCI runtime configuration
+ * libpod: honor runtime_path from libpod.conf
+ * rootless: open the correct file
+ * Fix `podman login` lying problem
+ * Fix error code retrieval for podman start --attach
+ * Enable --rm with --detach
+ * Add examples for Cobra
+ * Add tlsVerify bool to SearchImage for varlink
+ * Fix volume handling in podman
+ * enable podman-remote volume prune
+ * add build to main and as subcommand to image
+ * --password-stdin flag in `podman login`
+ * 'podman cp' copy between host and container
+ * podman-remote build
+ * Vendor in latest c/storage and c/image
+ * show container ports of network namespace
+ * podman-remote volume inspect|ls
+ * build varlink without GOPATH
+ * completions: add --pod to run/create
+ * Parse fq name correctly for images
+ * Try disabling --rm on notify_socket test
+ * podman-remote push
+ * get_ci_vm : allow running without sudo
+ * Only build varlink when buildtag is available
+ * Remove a lot of '--rm' options from unit tests
+ * Address review comments on #2319
+ * Retain a copy of container exit file on cleanup
+ * Fix manual detach from containers to not wait for exit
+ * varlink: Rename `SearchImage` to `SearchImages`
+ * varlink: Rename `ContainerInList` to `Container`
+ * varlink: Rename `ImageInList` to `Image`
+ * varlink: Simplify GetVersion() call
+ * varlink: Return all times in RFC 3339 format
+ * Makefile: Don't include quotes around GIT_COMMIT
+ * varlink: Remove the Ping() method
+ * podman: Show error when creating varlink listener failed
+ * varlink: Remove `NotImplemented` type
+ * Don't show global flags except for podman command
+ * podman-remote volume rm
+ * Remove urfave/cli from libpod
+ * podman-remote volume create
+ * Separate remote and local commands
+ * lock and sync container before checking mountpoint
+ * oci: do not set XDG_RUNTIME_DIR twice
+ * pod: drop not valid check for rootless
+ * Podman pod stats -- fix GO template output
+ * Add troubleshooting information about running a rootless containers.
+ * Add --all-tags to pull command
+ * Add common_test.go to single test instructions
+ * Remove container from storage on --force
+ * do not crash when displaying dangling images
+ * Add volume mounts to PS output
+ * Update image-trust man with further comments
+ * Migrate to cobra CLI
+ * Remove some dead type declarations
+ * Fix down/missing registry.access.redhat.com
+ * cleanup: use the correct runtime
+ * make vendor: always check for latest vndr
+ * install.md: add section about vendoring
+ * Add varlink generate to the make documentation
+ * Mention OSes that pass the build
+ * Generate make helping message dynamicaly.
+ * Makefile: minor fix to reenable system tests
+ * Add StartPeriod to cmd/podman/docker.HealthConfig
+ * Unconditionally refresh storage options from config
+ * rootless: do not override /dev/pts if not needed
+ * Fix handling of memory limits via varlink
+ * Add documentation on running systemd on SELinux systems
+ * Cirrus: add vendor_check_task
+ * cleanup vendor directory
+ * Revert "Vendor containers/buildah"
+ * e2e tests: sigproxy: fix rare hang condition
+ * Preserve exited state across reboot
+ * Apply 50min timeout to integration tests
+ * Capatilize all usage and descriptions
+ * Add podman system prune and info commands
+ * podman-remote import|export
+ * tests: allow to override the OCI runtime
+ * rootless: copy some settings from the global configuration
+ * Vendor containers/buildah
+ * Increase e2e info/json test exit timeout
+ * Touch up image-trust man
+ * Rework Podman description
+ * vendor latest containers/image
+ * Reduce Dockerfile based build time for libpod.
+ * libpod/image: Use RepoDigests() in Inspect()
+ * add Pod Manager References
+ * Add support for short option -f in podman version
+ * Add support for short option -s in podman inspect
+ * Add support for short option -f
+ * Changes to container runlabel for toolbox project
+ * Fix regression in ps with custom format
+ * Set SELinux type on bin/podman after install
+ * Cirrus: Add RHEL-7 testing
+ * For consistency in usage output the verbs changed from 3rd person to 1st person.
+ * podman image prune -- implement all flag
+ * Alter varlink API for ListContainerMounts to return a map
+ * Make --quiet work in podman create/run
+ * apparmor: don't load default profile in rootless mode
+ * Cirrus: Enable AppArmor build and test
+ * Update ArchLinux installation instructions
+ * tutorials: describe how to use podman in updates-testing
+ * [skip ci] Cirrus: Container for tracking image use
+ * Cirrus: Use freshly built images
+ * remove sudo
+ * Vendor in latest containers/storage
+ * Show a better error message when podman info fails during a refresh
+ * enable podman-remote version
+ * Update transfer.md and commands.md to add missing commands.
+ * rootless: support port redirection from the host
+ * Mask unimplemeted commands for remote client
+ * Vendor in latest opencontainers/selinux
+ * podman-remote inspect
+ * Vendor in latest containers/storage
+ * rootless: fix --pid=host without --privileged
+ * Do not unmarshal into c.config.Spec
+ * podman-inspect: don't ignore errors
+ * Add openSUSE Kubic to install.md
+ * cirrus: Record start/end time of important things
+ * Cirrus: Consolidate VM image names in once place
+ * Update README for v1.0.0
+ * Installing podman
+ * Ensure that wait exits on state transition
+ * Vendor in containers/storage
+ * Add --latest and --all to podman mount/umount
+ * Cleanup coverity scan issues
+ * Embed runtime struct in super localRuntime
+ * Collaberative podman-remote container exists
+ * Fix up `image sign` in PR 2108
+ * add support for podman-remote history
+ * Rename localRuntime to runtime in cmd/podman
+ * podman remote integrations tests
+ * podman remote client -- add rmi
+ * Run integrations test with remote-client
+ * [skip ci] Hack: Fix get_ci_vm.sh w/ gcloud ssh/scp
+ * Update master branch with v1.0 changes from 1.0 branch
+ * Add local storage.conf example to troubleshoot
+ * config: store the runtime used to create each container
+ * oci: allow to define multiple OCI runtimes
+ * libpod: allow multiple oci runtimes
+ * Remove imageParts.{isTagged,registry,name,tag}
+ * Clarify comments about isRegistry a bit.
+ * Use imageParts.unnormalizedRef in GetImageBaseName
+ * FIXME? Introduce imageParts.suspiciousRefNameTagValuesForSearch
+ * Use imageParts.referenceWithRegistry in Image.getLocalImage
+ * Don't try to look up local images with an explicit :latest suffix
+ * Return a reference.Named from normalizedTag
+ * Use reference.TagNameOnly instead of manually adding imageParts.tag in normalizeTag
+ * Use imageParts.normalizedReference in normalizeTag
+ * Add imageParts.normalizedReference()
+ * Use imageparts.referenceWithRegistry in normalizeTag
+ * Remove no longer used imageParts.assemble()
+ * Use getPullRefPair / getSinglePullRefPairGoal in pullGoalFromPossiblyUnqualifiedName
+ * Use imageParts.referenceWithRegistry in pullGoalFromPossiblyUnqualifiedName
+ * Use imageParts.referenceWithRegistry in getPullRefPair
+ * Add imageParts.referenceWithRegistry
+ * Don't use imageParts.assemble when pulling from a qualified name
+ * Reorganize normalizeTag
+ * Simplify pullGoalFromPossiblyUnqualifiedName
+ * Remove imageParts.transport
+ * Simplify pullGoalFromPossiblyUnqualifiedName
+ * Inline imageParts.assembleWithTransport into callers
+ * Record the original reference.Named in imageParts
+ * Drop image.DecomposeString, make image.Parts private imageParts again
+ * Don't call image.DecomposeString in imageInListToContainerImage
+ * Add bridge support, for the varlink connection
+ * Add troubleshooting statement for homedirs mounted noexec
+ * Set default storage options from mounts.conf file.
+ * podman play kube: add containers to pod
+ * Add darwin support for remote-client
+ * vendor: update everything
+ * vendor make target
+ * rootless: create the userns immediately when creating a new pod
+ * rootless: join both userns and mount namespace with --pod
+ * spec: add nosuid,noexec,nodev to ro bind mount
+ * Use multi-arch images in test case scripts
+ * Add varlink support for prune
+ * Replace tab with spaces in MarshalIndent in libpod
+ * Remove one more usage of encoding/json in libpod
+ * Update vendor.conf for jsoniter vendor changes
+ * Move all libpod/ JSON references over to jsoniter
+ * Update json-iterator vendor to v1.1.5
+ * Remove easyjson in preparation for switch to jsoniter
+ * remote-client support for images
+ * Move python code from contrib to it's own repo python-podman
+ * Use defaults if paths are not specified in storage.conf
+ * (Minor) Cirrus: Print timestamp at start
+ * fix up sigstore path
+ * Trivial readme updates
+ * podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE
+ * Fix handling of nil volumes
+ * sign: make all error messages lowercase
+ * sign: use filepath.Join instead of fmt.Sprintf
+ * createconfig: always cleanup a rootless container
+ * Fix 'image trust' from PR1899
+ * libpod/image: Use ParseNormalizedNamed in RepoDigests
+ * apparmor: apply default profile at container initialization
+ * Fix up image sign and trust
+ * If you fail to open shm lock then attempt to create it
+ * List the long variant of each option before its shorter counterpart
+ * Use existing interface to request IP address during restore
+ * Added checkpoint/restore test for same IP
+ * Enable checkpoint test with established TCP connections
+ * .github/ISSUE_TEMPLATE: Suggest '/kind bug' and '/kind feature'
+ * pkg/hooks/exec: Include failed command in hook errors
+ * hooks/exec/runtimeconfigfilter: Log config changes
+ * hooks: Add pre-create hooks for runtime-config manipulation
+ * Add Validate completions
+ * Add a --workdir option to 'podman exec'
+ * Default --sig-proxy to true for 'podman start --attach'
+ * Test that 'podman start --sig-proxy' does not work without --attach
+ * [WIP]Support podman image sign
+ * vendor latest buildah
+ * Honor image environment variables with exec
+ * Minor: Remove redundant basename command in ooe.sh
+ * Rename libpod.Config back to ContainerConfig
+ * Add ability to build golang remote client
+ * vendor latest buildah
+ * Add the configuration file used to setup storage to podman info
+ * Address lingering review comments from SHM locking PR
+ * podman: set umask to 022
+ * podman-login: adhere to user input
+ * Vendor in latest containers/buildah code
+ * Rootless with shmlocks was not working.
+ * Readd Python testing
+ * Update vendor of runc
+ * [skip ci] Docs: Add Bot Interactions section
+ * container runlabel NAME implementation
+ * Bump time for build_each_commit step
+ * Move lock init after tmp dir is populated properly
+ * DO NOT MERGE temporarily remove python tests
+ * When refreshing libpod, if SHM locks exist, remove them
+ * Ensure different error messages and creating/opening locks
+ * Update unit tests to use in-memory lock manager
+ * Remove runtime lockDir and add in-memory lock manager
+ * Convert pods to SHM locks
+ * Convert containers to SHM locking
+ * Add lock manager to libpod runtime
+ * Move to POSIX mutexes for SHM locks
+ * Disable lint on SHMLock struct
+ * Refactor locks package to build on non-Linux
+ * Add an SHM-backed Lock Manager implementation
+ * Add interface for libpod multiprocess locks
+ * Improve documentation and unit tests for SHM locks
+ * Propogate error codes from SHM lock creation and open
+ * Add mutex invariant to SHM semaphores.
+ * Initial skeleton of in-memory locks
+ * add container-init support
+ * If local storage file exists, then use it rather then defaults.
+ * vendor in new containers/storage
+ * Fix completions
+ * Touch up some troubleshooting nits
+ * Warn on overriding user-specified storage driver w/ DB
+ * Log container command before starting the container
+ * Use sprintf to generate port numbers while committing
+ * Add troubleshooting for sparse files
+ * Fix handling of symbolic links
+ * podman build is not using the default oci-runtime
+ * Re-enable checkpoint/restore CI tests on Fedora
+ * Fixes to handle /dev/shm correctly.
+ * rootless tests using stop is more reliable
+ * Allow alias for list, ls, ps to work
+ * Refactor: use idtools.ParseIDMap instead of bundling own version
+ * cirrus: Use updated images including new crui
+ * Switch all referencs to image.ContainerConfig to image.Config
+ * Allow users to specify a directory for additonal devices
+ * Change all 'can not' to 'cannot' for proper usage
+ * Invalid index for array
+ * Vendor in latest psgo code to fix race conditions
+ * test: add test for rootless export
+ * export: fix usage with rootless containers
+ * rootless: add function to join user and mount namespace
+ * libpod: always store the conmon pid file
+ * Use existing CRIU packages in CI setup
+ * skip test for blkio.weight when kernel does not support it
+ * Add Play
+ * Cirrus: Skip build all commits test on master
+ * prepare for move to validate on 1.11 only
+ * [skip ci] Gate: Update docs w/ safer local command
+ * Support podman image trust command
+ * Makefile: validate that each commit can at least build
+ * perf test a stress test to profile CPU load of podman
+ * all flakes must die
+ * Add information on --restart
+ * generate service object inline
+ * Cirrus: One IRC notice only
+ * docs/tutorials: add a basic network config
+ * display proper error when rmi -fa with infra containers
+ * add --get-login command to podman-login.
+ * Show image only once with images -q
+ * Add script to create CI VMs for debugging
+ * Cirrus: Migrate PAPR testing of F28 to Cirrus
+ * Skip checkpoint tests on Fedora <30
+ * Cirrus: Add text editors to cache-images
+ * Bump gitvalidation epoch
+ * Bump to v0.12.2-dev
+ * Clean up some existing varlink endpoints
+ * mount: allow mount only when using vfs
+
- Changelog for v1.0.0 (2018-1-11)
* Update release notes for v1.0
* Remove clientintegration from Makefile
diff --git a/cmd/podman/attach.go b/cmd/podman/attach.go
index 074675e45..a22aa92a1 100644
--- a/cmd/podman/attach.go
+++ b/cmd/podman/attach.go
@@ -14,7 +14,7 @@ var (
attachCommand cliconfig.AttachValues
attachDescription = "The podman attach command allows you to attach to a running container using the container's ID or name, either to view its ongoing output or to control it interactively."
_attachCommand = &cobra.Command{
- Use: "attach",
+ Use: "attach [flags] CONTAINER",
Short: "Attach to a running container",
Long: attachDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/build.go b/cmd/podman/build.go
index e40e35cb5..8ea9e6957 100644
--- a/cmd/podman/build.go
+++ b/cmd/podman/build.go
@@ -27,7 +27,7 @@ var (
namespaceValues buildahcli.NameSpaceResults
_buildCommand = &cobra.Command{
- Use: "build",
+ Use: "build [flags] CONTEXT",
Short: "Build an image using instructions from Dockerfiles",
Long: buildDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/checkpoint.go b/cmd/podman/checkpoint.go
index c9de5638b..8c4b8ad3c 100644
--- a/cmd/podman/checkpoint.go
+++ b/cmd/podman/checkpoint.go
@@ -21,7 +21,7 @@ var (
Checkpoints one or more running containers. The container name or ID can be used.
`
_checkpointCommand = &cobra.Command{
- Use: "checkpoint",
+ Use: "checkpoint [flags] CONTAINER [CONTAINER...]",
Short: "Checkpoints one or more containers",
Long: checkpointDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/cleanup.go b/cmd/podman/cleanup.go
index d68255aa2..fbbd337a7 100644
--- a/cmd/podman/cleanup.go
+++ b/cmd/podman/cleanup.go
@@ -18,7 +18,7 @@ var (
Cleans up mount points and network stacks on one or more containers from the host. The container name or ID can be used. This command is used internally when running containers, but can also be used if container cleanup has failed when a container exits.
`
_cleanupCommand = &cobra.Command{
- Use: "cleanup",
+ Use: "cleanup [flags] CONTAINER [CONTAINER...]",
Short: "Cleanup network and mountpoints of one or more containers",
Long: cleanupDescription,
RunE: func(cmd *cobra.Command, args []string) error {
@@ -60,7 +60,7 @@ func cleanupCmd(c *cliconfig.CleanupValues) error {
for _, ctr := range cleanupContainers {
hadError := false
if c.Remove {
- if err := runtime.RemoveContainer(ctx, ctr, false, false); err != nil {
+ if err := runtime.RemoveContainer(ctx, ctr, false, true); err != nil {
if lastError != nil {
fmt.Fprintln(os.Stderr, lastError)
}
diff --git a/cmd/podman/commands.go b/cmd/podman/commands.go
index fadcca689..73e02e27a 100644
--- a/cmd/podman/commands.go
+++ b/cmd/podman/commands.go
@@ -27,7 +27,6 @@ func getMainCommands() []*cobra.Command {
_portCommand,
_refreshCommand,
_restartCommand,
- _restoreCommand,
_rmCommand,
_runCommand,
_searchCommand,
diff --git a/cmd/podman/commit.go b/cmd/podman/commit.go
index d8ced0e36..43c54c320 100644
--- a/cmd/podman/commit.go
+++ b/cmd/podman/commit.go
@@ -25,7 +25,7 @@ var (
and make changes to the instructions with the --change flag.`
_commitCommand = &cobra.Command{
- Use: "commit",
+ Use: "commit [flags] CONTAINER IMAGE",
Short: "Create new image based on the changed container",
Long: commitDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/cp.go b/cmd/podman/cp.go
index d9f230b67..30b6d75d2 100644
--- a/cmd/podman/cp.go
+++ b/cmd/podman/cp.go
@@ -29,7 +29,7 @@ var (
cpDescription = "Copy files/folders between a container and the local filesystem"
_cpCommand = &cobra.Command{
- Use: "cp",
+ Use: "cp [flags] SRC_PATH DEST_PATH",
Short: "Copy files/folders between a container and the local filesystem",
Long: cpDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 868f90d54..2d93c149a 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -42,7 +42,7 @@ var (
" any time with the podman start <container_id> command. The container" +
" will be created with the initial state 'created'."
_createCommand = &cobra.Command{
- Use: "create",
+ Use: "create [flags] IMAGE [COMMAND [ARG...]]",
Short: "Create but do not start a container",
Long: createDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/diff.go b/cmd/podman/diff.go
index e2d258ad4..e232d7e66 100644
--- a/cmd/podman/diff.go
+++ b/cmd/podman/diff.go
@@ -38,7 +38,7 @@ var (
container or image will be compared to its parent layer`)
_diffCommand = &cobra.Command{
- Use: "diff",
+ Use: "diff [flags] CONTAINER | IMAGE",
Short: "Inspect changes on container's file systems",
Long: diffDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/exec.go b/cmd/podman/exec.go
index 7040a7b09..032262497 100644
--- a/cmd/podman/exec.go
+++ b/cmd/podman/exec.go
@@ -21,7 +21,7 @@ var (
Run a command in a running container
`
_execCommand = &cobra.Command{
- Use: "exec",
+ Use: "exec [flags] CONTAINER [COMMAND [ARG...]]",
Short: "Run a process in a running container",
Long: execDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/exists.go b/cmd/podman/exists.go
index 74a4c841b..c01a6a081 100644
--- a/cmd/podman/exists.go
+++ b/cmd/podman/exists.go
@@ -32,7 +32,7 @@ var (
Check if a pod exists in local storage
`
_imageExistsCommand = &cobra.Command{
- Use: "exists",
+ Use: "exists IMAGE",
Short: "Check if an image exists in local storage",
Long: imageExistsDescription,
RunE: func(cmd *cobra.Command, args []string) error {
@@ -44,7 +44,7 @@ var (
}
_containerExistsCommand = &cobra.Command{
- Use: "exists",
+ Use: "exists CONTAINER",
Short: "Check if a container exists in local storage",
Long: containerExistsDescription,
RunE: func(cmd *cobra.Command, args []string) error {
@@ -57,7 +57,7 @@ var (
}
_podExistsCommand = &cobra.Command{
- Use: "exists",
+ Use: "exists POD",
Short: "Check if a pod exists in local storage",
Long: podExistsDescription,
RunE: func(cmd *cobra.Command, args []string) error {
@@ -71,10 +71,13 @@ var (
func init() {
imageExistsCommand.Command = _imageExistsCommand
+ imageExistsCommand.DisableFlagsInUseLine = true
imageExistsCommand.SetUsageTemplate(UsageTemplate())
containerExistsCommand.Command = _containerExistsCommand
+ containerExistsCommand.DisableFlagsInUseLine = true
containerExistsCommand.SetUsageTemplate(UsageTemplate())
podExistsCommand.Command = _podExistsCommand
+ podExistsCommand.DisableFlagsInUseLine = true
podExistsCommand.SetUsageTemplate(UsageTemplate())
}
diff --git a/cmd/podman/export.go b/cmd/podman/export.go
index 5873bad3d..d40c05019 100644
--- a/cmd/podman/export.go
+++ b/cmd/podman/export.go
@@ -17,7 +17,7 @@ var (
" and saves it on the local machine."
_exportCommand = &cobra.Command{
- Use: "export",
+ Use: "export [flags] CONTAINER",
Short: "Export container's filesystem contents as a tar archive",
Long: exportDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/generate_kube.go b/cmd/podman/generate_kube.go
index 15f374c73..090f99495 100644
--- a/cmd/podman/generate_kube.go
+++ b/cmd/podman/generate_kube.go
@@ -17,7 +17,7 @@ var (
containerKubeCommand cliconfig.GenerateKubeValues
containerKubeDescription = "Generate Kubernetes Pod YAML"
_containerKubeCommand = &cobra.Command{
- Use: "kube",
+ Use: "kube CONTAINER | POD",
Short: "Generate Kubernetes pod YAML for a container or pod",
Long: containerKubeDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/history.go b/cmd/podman/history.go
index 103ef08e8..533ee91cb 100644
--- a/cmd/podman/history.go
+++ b/cmd/podman/history.go
@@ -40,7 +40,7 @@ var (
historyDescription = "Displays the history of an image. The information can be printed out in an easy to read, " +
"or user specified format, and can be truncated."
_historyCommand = &cobra.Command{
- Use: "history",
+ Use: "history [flags] IMAGE",
Short: "Show history of a specified image",
Long: historyDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/import.go b/cmd/podman/import.go
index a64b03d6d..ddf1bd802 100644
--- a/cmd/podman/import.go
+++ b/cmd/podman/import.go
@@ -17,7 +17,7 @@ var (
Optionally tag the image. You can specify the instructions using the --change option.
`
_importCommand = &cobra.Command{
- Use: "import",
+ Use: "import [flags] PATH [REFERENCE]",
Short: "Import a tarball to create a filesystem image",
Long: importDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/inspect.go b/cmd/podman/inspect.go
index 46883b31d..1c93a03e1 100644
--- a/cmd/podman/inspect.go
+++ b/cmd/podman/inspect.go
@@ -26,7 +26,7 @@ var (
inspectDescription = "This displays the low-level information on containers and images identified by name or ID. By default, this will render all results in a JSON array. If the container and image have the same name, this will return container JSON for unspecified type."
_inspectCommand = &cobra.Command{
- Use: "inspect",
+ Use: "inspect [flags] CONTAINER | IMAGE",
Short: "Display the configuration of a container or image",
Long: inspectDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/kill.go b/cmd/podman/kill.go
index eb72d53e7..76d2516b7 100644
--- a/cmd/podman/kill.go
+++ b/cmd/podman/kill.go
@@ -20,7 +20,7 @@ var (
killDescription = "The main process inside each container specified will be sent SIGKILL, or any signal specified with option --signal."
_killCommand = &cobra.Command{
- Use: "kill",
+ Use: "kill [flags] CONTAINER [CONTAINER...]",
Short: "Kill one or more running containers with a specific signal",
Long: killDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go
index 880b281bd..2b96f0c20 100644
--- a/cmd/podman/libpodruntime/runtime.go
+++ b/cmd/podman/libpodruntime/runtime.go
@@ -5,6 +5,7 @@ import (
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/util"
+ "github.com/containers/storage"
"github.com/pkg/errors"
)
@@ -20,11 +21,8 @@ func GetRuntime(c *cliconfig.PodmanCommand) (*libpod.Runtime, error) {
func getRuntime(c *cliconfig.PodmanCommand, renumber bool) (*libpod.Runtime, error) {
options := []libpod.RuntimeOption{}
-
- storageOpts, volumePath, err := util.GetDefaultStoreOptions()
- if err != nil {
- return nil, err
- }
+ storageOpts := storage.StoreOptions{}
+ storageSet := false
uidmapFlag := c.Flags().Lookup("uidmap")
gidmapFlag := c.Flags().Lookup("gidmap")
@@ -43,25 +41,33 @@ func getRuntime(c *cliconfig.PodmanCommand, renumber bool) (*libpod.Runtime, err
storageOpts.UIDMap = mappings.UIDMap
storageOpts.GIDMap = mappings.GIDMap
+ storageSet = true
}
if c.Flags().Changed("root") {
+ storageSet = true
storageOpts.GraphRoot = c.GlobalFlags.Root
}
if c.Flags().Changed("runroot") {
+ storageSet = true
storageOpts.RunRoot = c.GlobalFlags.Runroot
}
if len(storageOpts.RunRoot) > 50 {
return nil, errors.New("the specified runroot is longer than 50 characters")
}
if c.Flags().Changed("storage-driver") {
+ storageSet = true
storageOpts.GraphDriverName = c.GlobalFlags.StorageDriver
}
if len(c.GlobalFlags.StorageOpts) > 0 {
+ storageSet = true
storageOpts.GraphDriverOptions = c.GlobalFlags.StorageOpts
}
- options = append(options, libpod.WithStorageConfig(storageOpts))
+ // Only set this if the user changes storage config on the command line
+ if storageSet {
+ options = append(options, libpod.WithStorageConfig(storageOpts))
+ }
// TODO CLI flags for image config?
// TODO CLI flag for signature policy?
@@ -120,7 +126,6 @@ func getRuntime(c *cliconfig.PodmanCommand, renumber bool) (*libpod.Runtime, err
infraCommand, _ := c.Flags().GetString("infra-command")
options = append(options, libpod.WithDefaultInfraCommand(infraCommand))
}
- options = append(options, libpod.WithVolumePath(volumePath))
if c.Flags().Changed("config") {
return libpod.NewRuntimeFromConfig(c.GlobalFlags.Config, options...)
}
diff --git a/cmd/podman/load.go b/cmd/podman/load.go
index 272cd78d2..5a0742aba 100644
--- a/cmd/podman/load.go
+++ b/cmd/podman/load.go
@@ -17,7 +17,7 @@ var (
loadDescription = "Loads the image from docker-archive stored on the local machine."
_loadCommand = &cobra.Command{
- Use: "load",
+ Use: "load [flags] [PATH]",
Short: "Load an image from docker archive",
Long: loadDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index b02a4b3f9..48d4eefbc 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -21,7 +21,7 @@ var (
loginDescription = "Login to a container registry on a specified server."
_loginCommand = &cobra.Command{
- Use: "login",
+ Use: "login [flags] REGISTRY",
Short: "Login to a container registry",
Long: loginDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go
index 4108887f0..2a540ceba 100644
--- a/cmd/podman/logout.go
+++ b/cmd/podman/logout.go
@@ -14,7 +14,7 @@ var (
logoutCommand cliconfig.LogoutValues
logoutDescription = "Remove the cached username and password for the registry."
_logoutCommand = &cobra.Command{
- Use: "logout",
+ Use: "logout [flags] REGISTRY",
Short: "Logout of a container registry",
Long: logoutDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/logs.go b/cmd/podman/logs.go
index 97d835d8f..a02010eda 100644
--- a/cmd/podman/logs.go
+++ b/cmd/podman/logs.go
@@ -18,7 +18,7 @@ var (
logsDescription = "The podman logs command batch-retrieves whatever logs are present for a container at the time of execution. This does not guarantee execution" +
"order when combined with podman run (i.e. your run may not have generated any logs at the time you execute podman logs"
_logsCommand = &cobra.Command{
- Use: "logs",
+ Use: "logs [flags] CONTAINER",
Short: "Fetch the logs of a container",
Long: logsDescription,
RunE: func(cmd *cobra.Command, args []string) error {
@@ -38,7 +38,7 @@ func init() {
flags := logsCommand.Flags()
flags.BoolVar(&logsCommand.Details, "details", false, "Show extra details provided to the logs")
flags.BoolVarP(&logsCommand.Follow, "follow", "f", false, "Follow log output. The default is false")
- flags.BoolVarP(&waitCommand.Latest, "latest", "l", false, "Act on the latest container podman is aware of")
+ flags.BoolVarP(&logsCommand.Latest, "latest", "l", false, "Act on the latest container podman is aware of")
flags.StringVar(&logsCommand.Since, "since", "", "Show logs since TIMESTAMP")
flags.Uint64Var(&logsCommand.Tail, "tail", 0, "Output the specified number of LINES at the end of the logs. Defaults to 0, which prints all lines")
flags.BoolVarP(&logsCommand.Timestamps, "timestamps", "t", false, "Output the timestamps in the log")
diff --git a/cmd/podman/mount.go b/cmd/podman/mount.go
index f4a7bd5ea..3a3432194 100644
--- a/cmd/podman/mount.go
+++ b/cmd/podman/mount.go
@@ -26,7 +26,7 @@ var (
`
_mountCommand = &cobra.Command{
- Use: "mount",
+ Use: "mount [flags] CONTAINER",
Short: "Mount a working container's root filesystem",
Long: mountDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/pause.go b/cmd/podman/pause.go
index 94bb0edfe..3a5b80359 100644
--- a/cmd/podman/pause.go
+++ b/cmd/podman/pause.go
@@ -20,7 +20,7 @@ var (
Pauses one or more running containers. The container name or ID can be used.
`
_pauseCommand = &cobra.Command{
- Use: "pause",
+ Use: "pause [flags] CONTAINER [CONTAINER...]",
Short: "Pause all the processes in one or more containers",
Long: pauseDescription,
RunE: func(cmd *cobra.Command, args []string) error {
@@ -30,7 +30,7 @@ var (
},
Example: `podman pause mywebserver
podman pause 860a4b23
- podman stop -a`,
+ podman pause -a`,
}
)
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go
index a59460b71..6f23e340e 100644
--- a/cmd/podman/play_kube.go
+++ b/cmd/podman/play_kube.go
@@ -29,7 +29,7 @@ var (
playKubeCommand cliconfig.KubePlayValues
playKubeDescription = "Play a Pod and its containers based on a Kubrernetes YAML"
_playKubeCommand = &cobra.Command{
- Use: "kube",
+ Use: "kube [flags] KUBEFILE",
Short: "Play a pod based on Kubernetes YAML",
Long: playKubeDescription,
RunE: func(cmd *cobra.Command, args []string) error {
@@ -153,7 +153,7 @@ func playKubeYAMLCmd(c *cliconfig.KubePlayValues) error {
// start the containers
for _, ctr := range containers {
- if err := ctr.Start(ctx, false); err != nil {
+ if err := ctr.Start(ctx, true); err != nil {
// Making this a hard failure here to avoid a mess
// the other containers are in created status
return err
diff --git a/cmd/podman/pod_inspect.go b/cmd/podman/pod_inspect.go
index 5a32b5c5d..8b2747af0 100644
--- a/cmd/podman/pod_inspect.go
+++ b/cmd/podman/pod_inspect.go
@@ -14,7 +14,7 @@ var (
podInspectCommand cliconfig.PodInspectValues
podInspectDescription = "Display the configuration for a pod by name or id"
_podInspectCommand = &cobra.Command{
- Use: "inspect",
+ Use: "inspect [flags] POD",
Short: "Displays a pod configuration",
Long: podInspectDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/pod_kill.go b/cmd/podman/pod_kill.go
index aaaae0f7d..70d86d186 100644
--- a/cmd/podman/pod_kill.go
+++ b/cmd/podman/pod_kill.go
@@ -16,7 +16,7 @@ var (
podKillCommand cliconfig.PodKillValues
podKillDescription = "The main process of each container inside the specified pod will be sent SIGKILL, or any signal specified with option --signal."
_podKillCommand = &cobra.Command{
- Use: "kill",
+ Use: "kill [flags] POD [POD...]",
Short: "Send the specified signal or SIGKILL to containers in pod",
Long: podKillDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/pod_pause.go b/cmd/podman/pod_pause.go
index 284740d22..f7c90dbbe 100644
--- a/cmd/podman/pod_pause.go
+++ b/cmd/podman/pod_pause.go
@@ -13,7 +13,7 @@ var (
podPauseCommand cliconfig.PodPauseValues
podPauseDescription = `Pauses one or more pods. The pod name or ID can be used.`
_podPauseCommand = &cobra.Command{
- Use: "pause",
+ Use: "pause [flags] POD [POD...]",
Short: "Pause one or more pods",
Long: podPauseDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/pod_restart.go b/cmd/podman/pod_restart.go
index 741fce588..ba77e1409 100644
--- a/cmd/podman/pod_restart.go
+++ b/cmd/podman/pod_restart.go
@@ -14,7 +14,7 @@ var (
podRestartCommand cliconfig.PodRestartValues
podRestartDescription = `Restarts one or more pods. The pod ID or name can be used.`
_podRestartCommand = &cobra.Command{
- Use: "restart",
+ Use: "restart [flags] POD [POD...]",
Short: "Restart one or more pods",
Long: podRestartDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/pod_rm.go b/cmd/podman/pod_rm.go
index ba16d03c7..fa452b061 100644
--- a/cmd/podman/pod_rm.go
+++ b/cmd/podman/pod_rm.go
@@ -18,7 +18,7 @@ be used. A pod with containers will not be removed without --force.
If --force is specified, all containers will be stopped, then removed.
`)
_podRmCommand = &cobra.Command{
- Use: "rm",
+ Use: "rm [flags] POD [POD...]",
Short: "Remove one or more pods",
Long: podRmDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/pod_start.go b/cmd/podman/pod_start.go
index 5761afd52..eef9d2a71 100644
--- a/cmd/podman/pod_start.go
+++ b/cmd/podman/pod_start.go
@@ -18,7 +18,7 @@ var (
Starts one or more pods. The pod name or ID can be used.
`
_podStartCommand = &cobra.Command{
- Use: "start",
+ Use: "start POD [POD...]",
Short: "Start one or more pods",
Long: podStartDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/pod_stats.go b/cmd/podman/pod_stats.go
index 907d6a547..f5edd21f8 100644
--- a/cmd/podman/pod_stats.go
+++ b/cmd/podman/pod_stats.go
@@ -24,7 +24,7 @@ var (
podStatsCommand cliconfig.PodStatsValues
podStatsDescription = "Display a live stream of resource usage statistics for the containers in or more pods"
_podStatsCommand = &cobra.Command{
- Use: "stats",
+ Use: "stats [flags] POD [POD...]",
Short: "Display percentage of CPU, memory, network I/O, block I/O and PIDs for containers in one or more pods",
Long: podStatsDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/pod_stop.go b/cmd/podman/pod_stop.go
index 62d0d4aa5..951cf082a 100644
--- a/cmd/podman/pod_stop.go
+++ b/cmd/podman/pod_stop.go
@@ -19,7 +19,7 @@ var (
`
_podStopCommand = &cobra.Command{
- Use: "stop",
+ Use: "stop [flags] POD [POD...]",
Short: "Stop one or more pods",
Long: podStopDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/pod_top.go b/cmd/podman/pod_top.go
index 790118496..6a26e3dff 100644
--- a/cmd/podman/pod_top.go
+++ b/cmd/podman/pod_top.go
@@ -25,7 +25,7 @@ the latest pod.
`, getDescriptorString())
_podTopCommand = &cobra.Command{
- Use: "top",
+ Use: "top [flags] CONTAINER [FORMAT-DESCRIPTORS]",
Short: "Display the running processes of containers in a pod",
Long: podTopDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/pod_unpause.go b/cmd/podman/pod_unpause.go
index 16481d0e2..6b142d573 100644
--- a/cmd/podman/pod_unpause.go
+++ b/cmd/podman/pod_unpause.go
@@ -14,7 +14,7 @@ var (
podUnpauseCommand cliconfig.PodUnpauseValues
podUnpauseDescription = `Unpauses one or more pods. The pod name or ID can be used.`
_podUnpauseCommand = &cobra.Command{
- Use: "unpause",
+ Use: "unpause [flags] POD [POD...]",
Short: "Unpause one or more pods",
Long: podUnpauseDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/port.go b/cmd/podman/port.go
index bcf372a51..1c3086536 100644
--- a/cmd/podman/port.go
+++ b/cmd/podman/port.go
@@ -20,7 +20,7 @@ var (
List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT
`
_portCommand = &cobra.Command{
- Use: "port",
+ Use: "port [flags] CONTAINER",
Short: "List port mappings or a specific mapping for the container",
Long: portDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go
index 71f555162..5f4658fe1 100644
--- a/cmd/podman/pull.go
+++ b/cmd/podman/pull.go
@@ -29,7 +29,7 @@ An image can be pulled using its tag or digest. If a tag is not
specified, the image with the 'latest' tag (if it exists) is pulled
`
_pullCommand = &cobra.Command{
- Use: "pull",
+ Use: "pull [flags] IMAGE-PATH",
Short: "Pull an image from a registry",
Long: pullDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/push.go b/cmd/podman/push.go
index 56261a8d3..bc909cb5e 100644
--- a/cmd/podman/push.go
+++ b/cmd/podman/push.go
@@ -26,7 +26,7 @@ var (
See podman-push(1) section "DESTINATION" for the expected format`)
_pushCommand = &cobra.Command{
- Use: "push",
+ Use: "push [flags] IMAGE REGISTRY",
Short: "Push an image to a specified destination",
Long: pushDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/restart.go b/cmd/podman/restart.go
index 58fb38874..2bebde4f9 100644
--- a/cmd/podman/restart.go
+++ b/cmd/podman/restart.go
@@ -18,7 +18,7 @@ var (
restartCommand cliconfig.RestartValues
restartDescription = `Restarts one or more running containers. The container ID or name can be used. A timeout before forcibly stopping can be set, but defaults to 10 seconds`
_restartCommand = &cobra.Command{
- Use: "restart",
+ Use: "restart [flags] CONTAINER [CONTAINER...]",
Short: "Restart one or more containers",
Long: restartDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/restore.go b/cmd/podman/restore.go
index 5f6e7b892..73d355734 100644
--- a/cmd/podman/restore.go
+++ b/cmd/podman/restore.go
@@ -21,7 +21,7 @@ var (
Restores a container from a checkpoint. The container name or ID can be used.
`
_restoreCommand = &cobra.Command{
- Use: "restore",
+ Use: "restore [flags] CONTAINER [CONTAINER...]",
Short: "Restores one or more containers from a checkpoint",
Long: restoreDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go
index 2dcb491d7..61b049840 100644
--- a/cmd/podman/rm.go
+++ b/cmd/podman/rm.go
@@ -21,7 +21,7 @@ The container name or ID can be used. This does not remove images.
Running containers will not be removed without the -f option.
`)
_rmCommand = &cobra.Command{
- Use: "rm",
+ Use: "rm [flags] CONTAINER [CONTAINER...]",
Short: "Remove one or more containers",
Long: rmDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/rmi.go b/cmd/podman/rmi.go
index 709ed14e0..0963b1328 100644
--- a/cmd/podman/rmi.go
+++ b/cmd/podman/rmi.go
@@ -17,7 +17,7 @@ var (
rmiCommand cliconfig.RmiValues
rmiDescription = "Removes one or more locally stored images."
_rmiCommand = &cobra.Command{
- Use: "rmi",
+ Use: "rmi [flags] IMAGE [IMAGE...]",
Short: "Removes one or more images from local storage",
Long: rmiDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/run.go b/cmd/podman/run.go
index bea9b1743..f66b939d3 100644
--- a/cmd/podman/run.go
+++ b/cmd/podman/run.go
@@ -23,7 +23,7 @@ var (
runDescription = "Runs a command in a new container from the given image"
_runCommand = &cobra.Command{
- Use: "run",
+ Use: "run [flags] IMAGE [COMMAND [ARG...]]",
Short: "Run a command in a new container",
Long: runDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/runlabel.go b/cmd/podman/runlabel.go
index d466651f3..bc4e650f9 100644
--- a/cmd/podman/runlabel.go
+++ b/cmd/podman/runlabel.go
@@ -22,7 +22,7 @@ var (
Executes a command as described by a container image label.
`
_runlabelCommand = &cobra.Command{
- Use: "runlabel",
+ Use: "runlabel [flags] LABEL IMAGE [ARG...]",
Short: "Execute the command described by an image label",
Long: runlabelDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/save.go b/cmd/podman/save.go
index 161540deb..3bc283772 100644
--- a/cmd/podman/save.go
+++ b/cmd/podman/save.go
@@ -28,7 +28,7 @@ var (
Default is docker-archive`
_saveCommand = &cobra.Command{
- Use: "save",
+ Use: "save [flags] IMAGE",
Short: "Save image to an archive",
Long: saveDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/search.go b/cmd/podman/search.go
index f63131c84..5c14f1ff1 100644
--- a/cmd/podman/search.go
+++ b/cmd/podman/search.go
@@ -22,7 +22,7 @@ var (
Search registries for a given image. Can search all the default registries or a specific registry.
Can limit the number of results, and filter the output based on certain conditions.`
_searchCommand = &cobra.Command{
- Use: "search",
+ Use: "search [flags] TERM",
Short: "Search registry for image",
Long: searchDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/sign.go b/cmd/podman/sign.go
index 6e8f9ee95..2cf228d01 100644
--- a/cmd/podman/sign.go
+++ b/cmd/podman/sign.go
@@ -24,7 +24,7 @@ var (
signCommand cliconfig.SignValues
signDescription = "Create a signature file that can be used later to verify the image"
_signCommand = &cobra.Command{
- Use: "sign",
+ Use: "sign [flags] IMAGE [IMAGE...]",
Short: "Sign an image",
Long: signDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/start.go b/cmd/podman/start.go
index c645a35c4..3ce04ea79 100644
--- a/cmd/podman/start.go
+++ b/cmd/podman/start.go
@@ -21,7 +21,7 @@ var (
Starts one or more containers. The container name or ID can be used.
`
_startCommand = &cobra.Command{
- Use: "start",
+ Use: "start [flags] CONTAINER [CONTAINER...]",
Short: "Start one or more containers",
Long: startDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/stats.go b/cmd/podman/stats.go
index 2bbcd0a17..dcb274471 100644
--- a/cmd/podman/stats.go
+++ b/cmd/podman/stats.go
@@ -33,7 +33,7 @@ var (
statsDescription = "display a live stream of one or more containers' resource usage statistics"
_statsCommand = &cobra.Command{
- Use: "stats",
+ Use: "stats [flags] CONTAINER [CONTAINER...]",
Short: "Display percentage of CPU, memory, network I/O, block I/O and PIDs for one or more containers",
Long: statsDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/stop.go b/cmd/podman/stop.go
index 67c15b2a8..d86894a6f 100644
--- a/cmd/podman/stop.go
+++ b/cmd/podman/stop.go
@@ -24,7 +24,7 @@ var (
seconds otherwise.
`
_stopCommand = &cobra.Command{
- Use: "stop",
+ Use: "stop [flags] CONTAINER [CONTAINER...]",
Short: "Stop one or more containers",
Long: stopDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/tag.go b/cmd/podman/tag.go
index 2b9d67066..98c6e3449 100644
--- a/cmd/podman/tag.go
+++ b/cmd/podman/tag.go
@@ -12,7 +12,7 @@ var (
tagDescription = "Adds one or more additional names to locally-stored image"
_tagCommand = &cobra.Command{
- Use: "tag",
+ Use: "tag [flags] IMAGE TAG [TAG...]",
Short: "Add an additional name to a local image",
Long: tagDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/top.go b/cmd/podman/top.go
index 36d6bb6b4..cdf270fa7 100644
--- a/cmd/podman/top.go
+++ b/cmd/podman/top.go
@@ -34,7 +34,7 @@ the latest container.
`, getDescriptorString())
_topCommand = &cobra.Command{
- Use: "top",
+ Use: "top [flags] CONTAINER [FORMAT-DESCRIPTIOS]",
Short: "Display the running processes of a container",
Long: topDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/umount.go b/cmd/podman/umount.go
index 6d9009388..48c97fa31 100644
--- a/cmd/podman/umount.go
+++ b/cmd/podman/umount.go
@@ -22,7 +22,7 @@ counter reaches zero indicating no other processes are using the mount.
An unmount can be forced with the --force flag.
`
_umountCommand = &cobra.Command{
- Use: "umount",
+ Use: "umount [flags] CONTAINER [CONTAINER...]",
Aliases: []string{"unmount"},
Short: "Unmounts working container's root filesystem",
Long: description,
diff --git a/cmd/podman/unpause.go b/cmd/podman/unpause.go
index efd9a20a3..58fd19fe1 100644
--- a/cmd/podman/unpause.go
+++ b/cmd/podman/unpause.go
@@ -21,7 +21,7 @@ var (
Unpauses one or more running containers. The container name or ID can be used.
`
_unpauseCommand = &cobra.Command{
- Use: "unpause",
+ Use: "unpause [flags] CONTAINER [CONTAINER...]",
Short: "Unpause the processes in one or more containers",
Long: unpauseDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/varlink.go b/cmd/podman/varlink.go
index d9c6cdb47..f19d03885 100644
--- a/cmd/podman/varlink.go
+++ b/cmd/podman/varlink.go
@@ -24,7 +24,7 @@ var (
run varlink interface
`
_varlinkCommand = &cobra.Command{
- Use: "varlink",
+ Use: "varlink [flags] URI",
Short: "Run varlink interface",
Long: varlinkDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/volume_create.go b/cmd/podman/volume_create.go
index 833191082..96b2ed8c7 100644
--- a/cmd/podman/volume_create.go
+++ b/cmd/podman/volume_create.go
@@ -18,7 +18,7 @@ Creates a new volume. If using the default driver, "local", the volume will
be created at.`
_volumeCreateCommand = &cobra.Command{
- Use: "create",
+ Use: "create [flags] [NAME]",
Short: "Create a new volume",
Long: volumeCreateDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/volume_inspect.go b/cmd/podman/volume_inspect.go
index dc6afbc36..8add7a375 100644
--- a/cmd/podman/volume_inspect.go
+++ b/cmd/podman/volume_inspect.go
@@ -16,7 +16,7 @@ Display detailed information on one or more volumes. Can change the format
from JSON to a Go template.
`
_volumeInspectCommand = &cobra.Command{
- Use: "inspect",
+ Use: "inspect [flags] VOLUME [VOLUME...]",
Short: "Display detailed information on one or more volumes",
Long: volumeInspectDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/volume_rm.go b/cmd/podman/volume_rm.go
index 03b6ccae1..73b1a6668 100644
--- a/cmd/podman/volume_rm.go
+++ b/cmd/podman/volume_rm.go
@@ -19,7 +19,7 @@ not being used by any containers. To remove the volumes anyways, use the
--force flag.
`
_volumeRmCommand = &cobra.Command{
- Use: "rm",
+ Use: "rm [flags] VOLUME [VOLUME...]",
Aliases: []string{"remove"},
Short: "Remove one or more volumes",
Long: volumeRmDescription,
diff --git a/cmd/podman/wait.go b/cmd/podman/wait.go
index 9df7cdbae..9df2e3208 100644
--- a/cmd/podman/wait.go
+++ b/cmd/podman/wait.go
@@ -20,7 +20,7 @@ var (
Block until one or more containers stop and then print their exit codes
`
_waitCommand = &cobra.Command{
- Use: "wait",
+ Use: "wait [flags] CONTAINER [CONTAINER...]",
Short: "Block on one or more containers",
Long: waitDescription,
RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in
index bf75522dc..703b942b6 100644
--- a/contrib/spec/podman.spec.in
+++ b/contrib/spec/podman.spec.in
@@ -39,7 +39,7 @@
%global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7})
Name: podman
-Version: 1.0.1
+Version: 1.2.0
Release: #COMMITDATE#.git%{shortcommit0}%{?dist}
Summary: Manage Pods, Containers and Container Images
License: ASL 2.0
diff --git a/docs/libpod.conf.5.md b/docs/libpod.conf.5.md
index 0836c45fa..9a19e1224 100644
--- a/docs/libpod.conf.5.md
+++ b/docs/libpod.conf.5.md
@@ -13,7 +13,7 @@ libpod to manage containers.
Default transport method for pulling and pushing images
**runtime**=""
- Default OCI runtime to use if nothing is specified
+ Default OCI runtime to use if nothing is specified in **runtimes**
**runtimes**
For each OCI runtime, specify a list of paths to look for. The first one found is used.
@@ -87,6 +87,10 @@ libpod to manage containers.
The default number available is 2048.
If this is changed, a lock renumbering must be performed, using the `podman system renumber` command.
+**volume_path**=""
+ Directory where named volumes will be created in using the default volume driver.
+ By default this will be configured relative to where containers/storage stores containers.
+
## FILES
`/usr/share/containers/libpod.conf`, default libpod configuration path
diff --git a/docs/podman-import.1.md b/docs/podman-import.1.md
index c80c4ff77..03055018a 100644
--- a/docs/podman-import.1.md
+++ b/docs/podman-import.1.md
@@ -4,13 +4,14 @@
podman\-import - Import a tarball and save it as a filesystem image
## SYNOPSIS
-**podman import** [*options*] *path*
+**podman import** [*options*] *path* [*reference*]
## DESCRIPTION
**podman import** imports a tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz)
and saves it as a filesystem image. Remote tarballs can be specified using a URL.
Various image instructions can be configured with the **--change** flag and
a commit message can be set using the **--message** flag.
+**reference**, if present, is a tag to assign to the image.
Note: `:` is a restricted character and cannot be part of the file name.
## OPTIONS
diff --git a/libpod.conf b/libpod.conf
index 8d6158ed5..211ba106d 100644
--- a/libpod.conf
+++ b/libpod.conf
@@ -93,6 +93,12 @@ pause_command = "/pause"
# 'podman system renumber' command).
num_locks = 2048
+# Directory for libpod named volumes.
+# By default, this will be configured relative to where containers/storage
+# stores containers.
+# Uncomment to change location from this default.
+#volume_path = "/var/lib/containers/storage/volumes"
+
# Default OCI runtime
runtime = "runc"
diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go
index 25ef5cd0e..c226a0617 100644
--- a/libpod/boltdb_state.go
+++ b/libpod/boltdb_state.go
@@ -261,12 +261,14 @@ func (s *BoltState) GetDBConfig() (*DBConfig, error) {
storageRoot := configBucket.Get(graphRootKey)
storageTmp := configBucket.Get(runRootKey)
graphDriver := configBucket.Get(graphDriverKey)
+ volumePath := configBucket.Get(volPathKey)
cfg.LibpodRoot = string(libpodRoot)
cfg.LibpodTmp = string(libpodTmp)
cfg.StorageRoot = string(storageRoot)
cfg.StorageTmp = string(storageTmp)
cfg.GraphDriver = string(graphDriver)
+ cfg.VolumePath = string(volumePath)
return nil
})
diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go
index 3d749849d..936ccbf4c 100644
--- a/libpod/boltdb_state_internal.go
+++ b/libpod/boltdb_state_internal.go
@@ -38,6 +38,7 @@ const (
graphRootName = "graph-root"
graphDriverName = "graph-driver-name"
osName = "os"
+ volPathName = "volume-path"
)
var (
@@ -67,6 +68,7 @@ var (
graphRootKey = []byte(graphRootName)
graphDriverKey = []byte(graphDriverName)
osKey = []byte(osName)
+ volPathKey = []byte(volPathName)
)
// Check if the configuration of the database is compatible with the
@@ -105,10 +107,15 @@ func checkRuntimeConfig(db *bolt.DB, rt *Runtime) error {
return err
}
- return validateDBAgainstConfig(configBkt, "storage graph driver",
+ if err := validateDBAgainstConfig(configBkt, "storage graph driver",
rt.config.StorageConfig.GraphDriverName,
graphDriverKey,
- storage.DefaultStoreOptions.GraphDriverName)
+ storage.DefaultStoreOptions.GraphDriverName); err != nil {
+ return err
+ }
+
+ return validateDBAgainstConfig(configBkt, "volume path",
+ rt.config.VolumePath, volPathKey, "")
})
return err
diff --git a/libpod/info.go b/libpod/info.go
index 191ce6810..62088b730 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -121,6 +121,7 @@ func (r *Runtime) storeInfo() (map[string]interface{}, error) {
info["RunRoot"] = r.store.RunRoot()
info["GraphDriverName"] = r.store.GraphDriverName()
info["GraphOptions"] = r.store.GraphOptions()
+ info["VolumePath"] = r.config.VolumePath
statusPairs, err := r.store.Status()
if err != nil {
return nil, err
diff --git a/libpod/options.go b/libpod/options.go
index e22c81f91..1e8592a25 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -47,6 +47,11 @@ func WithStorageConfig(config storage.StoreOptions) RuntimeOption {
rt.config.StaticDir = filepath.Join(config.GraphRoot, "libpod")
rt.configuredFrom.libpodStaticDirSet = true
+ // Also set libpod volume path, so we are a subdirectory
+ // of the c/storage store by default
+ rt.config.VolumePath = filepath.Join(config.GraphRoot, "volumes")
+ rt.configuredFrom.volPathSet = true
+
setField = true
}
@@ -359,6 +364,7 @@ func WithVolumePath(volPath string) RuntimeOption {
}
rt.config.VolumePath = volPath
+ rt.configuredFrom.volPathSet = true
return nil
}
@@ -1242,6 +1248,22 @@ func WithVolumeOptions(options map[string]string) VolumeCreateOption {
}
}
+// withSetCtrSpecific sets a bool notifying libpod that a volume was created
+// specifically for a container.
+// These volumes will be removed when the container is removed and volumes are
+// also specified for removal.
+func withSetCtrSpecific() VolumeCreateOption {
+ return func(volume *Volume) error {
+ if volume.valid {
+ return ErrVolumeFinalized
+ }
+
+ volume.config.IsCtrSpecific = true
+
+ return nil
+ }
+}
+
// Pod Creation Options
// WithPodName sets the name of the pod.
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 52f4523ba..f53cdd8b8 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -123,7 +123,10 @@ type RuntimeConfig struct {
// Not included in on-disk config, use the dedicated containers/storage
// configuration file instead
StorageConfig storage.StoreOptions `toml:"-"`
- VolumePath string `toml:"volume_path"`
+ // VolumePath is the default location that named volumes will be created
+ // under. This convention is followed by the default volume driver, but
+ // may not be by other drivers.
+ VolumePath string `toml:"volume_path"`
// ImageDefaultTransport is the default transport method used to fetch
// images
ImageDefaultTransport string `toml:"image_default_transport"`
@@ -232,12 +235,14 @@ type runtimeConfiguredFrom struct {
storageRunRootSet bool
libpodStaticDirSet bool
libpodTmpDirSet bool
+ volPathSet bool
}
var (
defaultRuntimeConfig = RuntimeConfig{
// Leave this empty so containers/storage will use its defaults
StorageConfig: storage.StoreOptions{},
+ VolumePath: filepath.Join(storage.DefaultStoreOptions.GraphRoot, "volumes"),
ImageDefaultTransport: DefaultTransport,
StateType: BoltDBStateStore,
OCIRuntime: "runc",
@@ -326,16 +331,13 @@ func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) {
deepcopier.Copy(defaultRuntimeConfig).To(runtime.config)
runtime.config.TmpDir = tmpDir
- if rootless.IsRootless() {
- // If we're rootless, override the default storage config
- storageConf, volumePath, err := util.GetDefaultStoreOptions()
- if err != nil {
- return nil, errors.Wrapf(err, "error retrieving rootless storage config")
- }
- runtime.config.StorageConfig = storageConf
- runtime.config.StaticDir = filepath.Join(storageConf.GraphRoot, "libpod")
- runtime.config.VolumePath = volumePath
+ storageConf, err := util.GetDefaultStoreOptions()
+ if err != nil {
+ return nil, errors.Wrapf(err, "error retrieving rootless storage config")
}
+ runtime.config.StorageConfig = storageConf
+ runtime.config.StaticDir = filepath.Join(storageConf.GraphRoot, "libpod")
+ runtime.config.VolumePath = filepath.Join(storageConf.GraphRoot, "volumes")
configPath := ConfigPath
foundConfig := true
@@ -400,6 +402,9 @@ func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) {
if tmpConfig.TmpDir != "" {
runtime.configuredFrom.libpodTmpDirSet = true
}
+ if tmpConfig.VolumePath != "" {
+ runtime.configuredFrom.volPathSet = true
+ }
if _, err := toml.Decode(string(contents), runtime.config); err != nil {
return nil, errors.Wrapf(err, "error decoding configuration file %s", configPath)
@@ -624,29 +629,52 @@ func makeRuntime(runtime *Runtime) (err error) {
if !runtime.configuredFrom.storageGraphDriverSet && dbConfig.GraphDriver != "" {
if runtime.config.StorageConfig.GraphDriverName != dbConfig.GraphDriver &&
runtime.config.StorageConfig.GraphDriverName != "" {
- logrus.Errorf("User-selected graph driver %s overwritten by graph driver %s from database - delete libpod local files to resolve",
+ logrus.Errorf("User-selected graph driver %q overwritten by graph driver %q from database - delete libpod local files to resolve",
runtime.config.StorageConfig.GraphDriverName, dbConfig.GraphDriver)
}
runtime.config.StorageConfig.GraphDriverName = dbConfig.GraphDriver
}
if !runtime.configuredFrom.storageGraphRootSet && dbConfig.StorageRoot != "" {
+ if runtime.config.StorageConfig.GraphRoot != dbConfig.StorageRoot &&
+ runtime.config.StorageConfig.GraphRoot != "" {
+ logrus.Debugf("Overriding graph root %q with %q from database",
+ runtime.config.StorageConfig.GraphRoot, dbConfig.StorageRoot)
+ }
runtime.config.StorageConfig.GraphRoot = dbConfig.StorageRoot
}
if !runtime.configuredFrom.storageRunRootSet && dbConfig.StorageTmp != "" {
+ if runtime.config.StorageConfig.RunRoot != dbConfig.StorageTmp &&
+ runtime.config.StorageConfig.RunRoot != "" {
+ logrus.Debugf("Overriding run root %q with %q from database",
+ runtime.config.StorageConfig.RunRoot, dbConfig.StorageTmp)
+ }
runtime.config.StorageConfig.RunRoot = dbConfig.StorageTmp
}
if !runtime.configuredFrom.libpodStaticDirSet && dbConfig.LibpodRoot != "" {
+ if runtime.config.StaticDir != dbConfig.LibpodRoot && runtime.config.StaticDir != "" {
+ logrus.Debugf("Overriding static dir %q with %q from database", runtime.config.StaticDir, dbConfig.LibpodRoot)
+ }
runtime.config.StaticDir = dbConfig.LibpodRoot
}
if !runtime.configuredFrom.libpodTmpDirSet && dbConfig.LibpodTmp != "" {
+ if runtime.config.TmpDir != dbConfig.LibpodTmp && runtime.config.TmpDir != "" {
+ logrus.Debugf("Overriding tmp dir %q with %q from database", runtime.config.TmpDir, dbConfig.LibpodTmp)
+ }
runtime.config.TmpDir = dbConfig.LibpodTmp
}
+ if !runtime.configuredFrom.volPathSet && dbConfig.VolumePath != "" {
+ if runtime.config.VolumePath != dbConfig.VolumePath && runtime.config.VolumePath != "" {
+ logrus.Debugf("Overriding volume path %q with %q from database", runtime.config.VolumePath, dbConfig.VolumePath)
+ }
+ runtime.config.VolumePath = dbConfig.VolumePath
+ }
logrus.Debugf("Using graph driver %s", runtime.config.StorageConfig.GraphDriverName)
logrus.Debugf("Using graph root %s", runtime.config.StorageConfig.GraphRoot)
logrus.Debugf("Using run root %s", runtime.config.StorageConfig.RunRoot)
logrus.Debugf("Using static dir %s", runtime.config.StaticDir)
logrus.Debugf("Using tmp dir %s", runtime.config.TmpDir)
+ logrus.Debugf("Using volume path %s", runtime.config.VolumePath)
// Validate our config against the database, now that we've set our
// final storage configuration
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 2ec8d0795..cfa4f9654 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -180,7 +180,7 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
if vol.Source[0] != '/' && isNamedVolume(vol.Source) {
volInfo, err := r.state.Volume(vol.Source)
if err != nil {
- newVol, err := r.newVolume(ctx, WithVolumeName(vol.Source))
+ newVol, err := r.newVolume(ctx, WithVolumeName(vol.Source), withSetCtrSpecific())
if err != nil {
return nil, errors.Wrapf(err, "error creating named volume %q", vol.Source)
}
@@ -421,6 +421,9 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool,
for _, v := range volumes {
if volume, err := runtime.state.Volume(v); err == nil {
+ if !volume.IsCtrSpecific() {
+ continue
+ }
if err := runtime.removeVolume(ctx, volume, false); err != nil && err != ErrNoSuchVolume && err != ErrVolumeBeingUsed {
logrus.Errorf("cleanup volume (%s): %v", v, err)
}
diff --git a/libpod/state.go b/libpod/state.go
index 98282fc83..4296fc3cd 100644
--- a/libpod/state.go
+++ b/libpod/state.go
@@ -8,6 +8,7 @@ type DBConfig struct {
StorageRoot string
StorageTmp string
GraphDriver string
+ VolumePath string
}
// State is a storage backend for libpod's current state.
diff --git a/libpod/volume.go b/libpod/volume.go
index 74878b6a4..0c7618841 100644
--- a/libpod/volume.go
+++ b/libpod/volume.go
@@ -15,11 +15,12 @@ type VolumeConfig struct {
// Name of the volume
Name string `json:"name"`
- Labels map[string]string `json:"labels"`
- MountPoint string `json:"mountPoint"`
- Driver string `json:"driver"`
- Options map[string]string `json:"options"`
- Scope string `json:"scope"`
+ Labels map[string]string `json:"labels"`
+ MountPoint string `json:"mountPoint"`
+ Driver string `json:"driver"`
+ Options map[string]string `json:"options"`
+ Scope string `json:"scope"`
+ IsCtrSpecific bool `json:"ctrSpecific"`
}
// Name retrieves the volume's name
@@ -60,3 +61,10 @@ func (v *Volume) Options() map[string]string {
func (v *Volume) Scope() string {
return v.config.Scope
}
+
+// IsCtrSpecific returns whether this volume was created specifically for a
+// given container. Images with this set to true will be removed when the
+// container is removed with the Volumes parameter set to true.
+func (v *Volume) IsCtrSpecific() bool {
+ return v.config.IsCtrSpecific
+}
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index 50e07ee74..31039bfdf 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -240,7 +240,7 @@ func (c *CreateConfig) GetVolumeMounts(specMounts []spec.Mount) ([]spec.Mount, e
}
for vol := range c.BuiltinImgVolumes {
- if libpod.MountExists(specMounts, vol) {
+ if libpod.MountExists(specMounts, vol) || libpod.MountExists(m, vol) {
continue
}
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index db8a3d5bb..a4576191b 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -259,15 +259,6 @@ func GetRootlessStorageOpts() (storage.StoreOptions, error) {
return opts, nil
}
-// GetRootlessVolumePath returns where all the name volumes will be created in rootless mode
-func GetRootlessVolumePath() (string, error) {
- dataDir, _, err := GetRootlessDirInfo()
- if err != nil {
- return "", err
- }
- return filepath.Join(dataDir, "containers", "storage", "volumes"), nil
-}
-
type tomlOptionsConfig struct {
MountProgram string `toml:"mount_program"`
}
@@ -297,25 +288,18 @@ func getTomlStorage(storeOptions *storage.StoreOptions) *tomlConfig {
return config
}
-// GetDefaultStoreOptions returns the storage ops for containers and the volume path
-// for the volume API
-// It also returns the path where all named volumes will be created using the volume API
-func GetDefaultStoreOptions() (storage.StoreOptions, string, error) {
+// GetDefaultStoreOptions returns the default storage ops for containers
+func GetDefaultStoreOptions() (storage.StoreOptions, error) {
var (
defaultRootlessRunRoot string
defaultRootlessGraphRoot string
err error
)
storageOpts := storage.DefaultStoreOptions
- volumePath := filepath.Join(storageOpts.GraphRoot, "volumes")
if rootless.IsRootless() {
storageOpts, err = GetRootlessStorageOpts()
if err != nil {
- return storageOpts, volumePath, err
- }
- volumePath, err = GetRootlessVolumePath()
- if err != nil {
- return storageOpts, volumePath, err
+ return storageOpts, err
}
}
@@ -332,7 +316,7 @@ func GetDefaultStoreOptions() (storage.StoreOptions, string, error) {
os.MkdirAll(filepath.Dir(storageConf), 0755)
file, err := os.OpenFile(storageConf, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0666)
if err != nil {
- return storageOpts, volumePath, errors.Wrapf(err, "cannot open %s", storageConf)
+ return storageOpts, errors.Wrapf(err, "cannot open %s", storageConf)
}
tomlConfiguration := getTomlStorage(&storageOpts)
@@ -353,7 +337,7 @@ func GetDefaultStoreOptions() (storage.StoreOptions, string, error) {
}
}
}
- return storageOpts, volumePath, nil
+ return storageOpts, nil
}
// StorageConfigFile returns the path to the storage config file used
diff --git a/vendor.conf b/vendor.conf
index 445f0844a..f739c76f4 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -15,7 +15,7 @@ github.com/containerd/cgroups 39b18af02c4120960f517a3a4c2588fabb61d02c
github.com/containerd/continuity 004b46473808b3e7a4a3049c20e4376c91eb966d
github.com/containernetworking/cni v0.7.0-alpha1
github.com/containernetworking/plugins v0.7.4
-github.com/containers/image v1.4
+github.com/containers/image v1.5
github.com/vbauerster/mpb v3.3.4
github.com/mattn/go-isatty v0.0.4
github.com/VividCortex/ewma v1.1.1
@@ -93,7 +93,7 @@ k8s.io/apimachinery kubernetes-1.10.13-beta.0 https://github.com/kubernetes/apim
k8s.io/client-go kubernetes-1.10.13-beta.0 https://github.com/kubernetes/client-go
github.com/mrunalp/fileutils 7d4729fb36185a7c1719923406c9d40e54fb93c7
github.com/varlink/go 3ac79db6fd6aec70924193b090962f92985fe199
-github.com/containers/buildah v1.7
+github.com/containers/buildah v1.7.1
# TODO: Gotty has not been updated since 2012. Can we find replacement?
github.com/Nvveen/Gotty cd527374f1e5bff4938207604a14f2e38a9cf512
# do not go beyond the below commit as the next one requires a more recent
diff --git a/vendor/github.com/containers/buildah/README.md b/vendor/github.com/containers/buildah/README.md
index 12eafdf88..913a4336f 100644
--- a/vendor/github.com/containers/buildah/README.md
+++ b/vendor/github.com/containers/buildah/README.md
@@ -35,18 +35,23 @@ For blogs, release announcements and more, please checkout the [buildah.io](http
## Buildah and Podman relationship
-Buildah and Podman are two complementary Open-source projects that are available on
-most Linux platforms and both projects reside at [GitHub.com](https://github.com)
-with Buildah [here](https://github.com/containers/buildah) and
-Podman [here](https://github.com/containers/libpod). Both Buildah and Podman are
-command line tools that work on OCI images and containers. The two projects
-differentiate in their specialization.
+Buildah and Podman are two complementary open-source projects that are
+available on most Linux platforms and both projects reside at
+[GitHub.com](https://github.com) with Buildah
+[here](https://github.com/containers/buildah) and Podman
+[here](https://github.com/containers/libpod). Both, Buildah and Podman are
+command line tools that work on Open Container Initiative (OCI) images and
+containers. The two projects differentiate in their specialization.
Buildah specializes in building OCI images. Buildah's commands replicate all
-of the commands that are found in a Dockerfile. Buildah’s goal is also to
-provide a lower level coreutils interface to build images, allowing people to build
-containers without requiring a Dockerfile. The intent with Buildah is to allow other
-scripting languages to build container images, without requiring a daemon.
+of the commands that are found in a Dockerfile. This allows building images
+with and without Dockerfiles while not requiring any root privileges.
+Buildah’s ultimate goal is to provide a lower-level coreutils interface to
+build images. The flexibility of building images without Dockerfiles allows
+for the integration of other scripting languages into the build process.
+Buildah follows a simple fork-exec model and does not run as a daemon
+but it is based on a comprehensive API in golang, which can be vendored
+into other tools.
Podman specializes in all of the commands and functions that help you to maintain and modify
OCI images, such as pulling and tagging. It also allows you to create, run, and maintain those containers
@@ -55,12 +60,12 @@ created from those images.
A major difference between Podman and Buildah is their concept of a container. Podman
allows users to create "traditional containers" where the intent of these containers is
to be long lived. While Buildah containers are really just created to allow content
-to be added back to the container image. An easy way to think of it is the
+to be added back to the container image. An easy way to think of it is the
`buildah run` command emulates the RUN command in a Dockerfile while the `podman run`
command emulates the `docker run` command in functionality. Because of this and their underlying
storage differences, you can not see Podman containers from within Buildah or vice versa.
-In short Buildah is an efficient way to create OCI images while Podman allows
+In short, Buildah is an efficient way to create OCI images while Podman allows
you to manage and maintain those images and containers in a production environment using
familiar container cli commands. For more details, see the
[Container Tools Guide](https://github.com/containers/buildah/tree/master/docs/containertools).
diff --git a/vendor/github.com/containers/buildah/buildah.go b/vendor/github.com/containers/buildah/buildah.go
index 755bc348e..cca80a308 100644
--- a/vendor/github.com/containers/buildah/buildah.go
+++ b/vendor/github.com/containers/buildah/buildah.go
@@ -26,7 +26,7 @@ const (
Package = "buildah"
// Version for the Package. Bump version in contrib/rpm/buildah.spec
// too.
- Version = "1.7"
+ Version = "1.7.1"
// The value we use to identify what type of information, currently a
// serialized Builder structure, we are using as per-container state.
// This should only be changed when we make incompatible changes to
diff --git a/vendor/github.com/containers/buildah/new.go b/vendor/github.com/containers/buildah/new.go
index 01c2e733f..768cdd0c6 100644
--- a/vendor/github.com/containers/buildah/new.go
+++ b/vendor/github.com/containers/buildah/new.go
@@ -303,7 +303,7 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions
}
conflict := 100
- for true {
+ for {
coptions := storage.ContainerOptions{
LabelOpts: options.CommonBuildOpts.LabelOpts,
IDMappingOptions: newContainerIDMappingOptions(options.IDMappingOptions),
diff --git a/vendor/github.com/containers/buildah/pkg/cli/common.go b/vendor/github.com/containers/buildah/pkg/cli/common.go
index 09f951b35..f167353b8 100644
--- a/vendor/github.com/containers/buildah/pkg/cli/common.go
+++ b/vendor/github.com/containers/buildah/pkg/cli/common.go
@@ -125,7 +125,7 @@ func GetNameSpaceFlags(flags *NameSpaceResults) pflag.FlagSet {
func GetLayerFlags(flags *LayerResults) pflag.FlagSet {
fs := pflag.FlagSet{}
fs.BoolVar(&flags.ForceRm, "force-rm", false, "Always remove intermediate containers after a build, even if the build is unsuccessful.")
- fs.BoolVar(&flags.Layers, "layers", false, fmt.Sprintf("cache intermediate layers during build. Use BUILDAH_LAYERS environment variable to override. (default %t)", UseLayers()))
+ fs.BoolVar(&flags.Layers, "layers", UseLayers(), fmt.Sprintf("cache intermediate layers during build. Use BUILDAH_LAYERS environment variable to override."))
return fs
}
@@ -152,7 +152,7 @@ func GetBudFlags(flags *BudResults) pflag.FlagSet {
fs.BoolVar(&flags.Pull, "pull", true, "pull the image if not present")
fs.BoolVar(&flags.PullAlways, "pull-always", false, "pull the image, even if a version is present")
fs.BoolVarP(&flags.Quiet, "quiet", "q", false, "refrain from announcing build instructions and image read/write progress")
- fs.BoolVar(&flags.Rm, "rm", true, "Remove intermediate containers after a successful build (default true)")
+ fs.BoolVar(&flags.Rm, "rm", true, "Remove intermediate containers after a successful build")
fs.StringVar(&flags.Runtime, "runtime", util.Runtime(), "`path` to an alternate runtime. Use BUILDAH_RUNTIME environment variable to override.")
fs.StringSliceVar(&flags.RuntimeFlags, "runtime-flag", []string{}, "add global flags for the container runtime")
fs.StringVar(&flags.SignaturePolicy, "signature-policy", "", "`pathname` of signature policy file (not usually used)")
diff --git a/vendor/github.com/containers/buildah/pkg/secrets/secrets.go b/vendor/github.com/containers/buildah/pkg/secrets/secrets.go
new file mode 100644
index 000000000..242953609
--- /dev/null
+++ b/vendor/github.com/containers/buildah/pkg/secrets/secrets.go
@@ -0,0 +1,319 @@
+package secrets
+
+import (
+ "bufio"
+ "io/ioutil"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "github.com/containers/libpod/pkg/rootless"
+ rspec "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/opencontainers/selinux/go-selinux/label"
+ "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+)
+
+var (
+ // DefaultMountsFile holds the default mount paths in the form
+ // "host_path:container_path"
+ DefaultMountsFile = "/usr/share/containers/mounts.conf"
+ // OverrideMountsFile holds the default mount paths in the form
+ // "host_path:container_path" overridden by the user
+ OverrideMountsFile = "/etc/containers/mounts.conf"
+ // UserOverrideMountsFile holds the default mount paths in the form
+ // "host_path:container_path" overridden by the rootless user
+ UserOverrideMountsFile = filepath.Join(os.Getenv("HOME"), ".config/containers/mounts.conf")
+)
+
+// secretData stores the name of the file and the content read from it
+type secretData struct {
+ name string
+ data []byte
+}
+
+// saveTo saves secret data to given directory
+func (s secretData) saveTo(dir string) error {
+ path := filepath.Join(dir, s.name)
+ if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil && !os.IsExist(err) {
+ return err
+ }
+ return ioutil.WriteFile(path, s.data, 0700)
+}
+
+func readAll(root, prefix string) ([]secretData, error) {
+ path := filepath.Join(root, prefix)
+
+ data := []secretData{}
+
+ files, err := ioutil.ReadDir(path)
+ if err != nil {
+ if os.IsNotExist(err) {
+ return data, nil
+ }
+
+ return nil, err
+ }
+
+ for _, f := range files {
+ fileData, err := readFile(root, filepath.Join(prefix, f.Name()))
+ if err != nil {
+ // If the file did not exist, might be a dangling symlink
+ // Ignore the error
+ if os.IsNotExist(err) {
+ continue
+ }
+ return nil, err
+ }
+ data = append(data, fileData...)
+ }
+
+ return data, nil
+}
+
+func readFile(root, name string) ([]secretData, error) {
+ path := filepath.Join(root, name)
+
+ s, err := os.Stat(path)
+ if err != nil {
+ return nil, err
+ }
+
+ if s.IsDir() {
+ dirData, err := readAll(root, name)
+ if err != nil {
+ return nil, err
+ }
+ return dirData, nil
+ }
+ bytes, err := ioutil.ReadFile(path)
+ if err != nil {
+ return nil, err
+ }
+ return []secretData{{name: name, data: bytes}}, nil
+}
+
+func getHostSecretData(hostDir string) ([]secretData, error) {
+ var allSecrets []secretData
+ hostSecrets, err := readAll(hostDir, "")
+ if err != nil {
+ return nil, errors.Wrapf(err, "failed to read secrets from %q", hostDir)
+ }
+ return append(allSecrets, hostSecrets...), nil
+}
+
+func getMounts(filePath string) []string {
+ file, err := os.Open(filePath)
+ if err != nil {
+ // This is expected on most systems
+ logrus.Debugf("file %q not found, skipping...", filePath)
+ return nil
+ }
+ defer file.Close()
+ scanner := bufio.NewScanner(file)
+ if err = scanner.Err(); err != nil {
+ logrus.Errorf("error reading file %q, %v skipping...", filePath, err)
+ return nil
+ }
+ var mounts []string
+ for scanner.Scan() {
+ mounts = append(mounts, scanner.Text())
+ }
+ return mounts
+}
+
+// getHostAndCtrDir separates the host:container paths
+func getMountsMap(path string) (string, string, error) {
+ arr := strings.SplitN(path, ":", 2)
+ if len(arr) == 2 {
+ return arr[0], arr[1], nil
+ }
+ return "", "", errors.Errorf("unable to get host and container dir")
+}
+
+// SecretMounts copies, adds, and mounts the secrets to the container root filesystem
+func SecretMounts(mountLabel, containerWorkingDir, mountFile string) []rspec.Mount {
+ return SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, containerWorkingDir, 0, 0)
+}
+
+// SecretMountsWithUIDGID specifies the uid/gid of the owner
+func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPrefix string, uid, gid int) []rspec.Mount {
+ var (
+ secretMounts []rspec.Mount
+ mountFiles []string
+ )
+ // Add secrets from paths given in the mounts.conf files
+ // mountFile will have a value if the hidden --default-mounts-file flag is set
+ // Note for testing purposes only
+ if mountFile == "" {
+ mountFiles = append(mountFiles, []string{OverrideMountsFile, DefaultMountsFile}...)
+ if rootless.IsRootless() {
+ mountFiles = append([]string{UserOverrideMountsFile}, mountFiles...)
+ _, err := os.Stat(UserOverrideMountsFile)
+ if err != nil && os.IsNotExist(err) {
+ os.MkdirAll(filepath.Dir(UserOverrideMountsFile), 0755)
+ if f, err := os.Create(UserOverrideMountsFile); err != nil {
+ logrus.Warnf("could not create file %s: %v", UserOverrideMountsFile, err)
+ } else {
+ f.Close()
+ }
+ }
+ }
+ } else {
+ mountFiles = append(mountFiles, mountFile)
+ }
+ for _, file := range mountFiles {
+ if _, err := os.Stat(file); err == nil {
+ mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid)
+ if err != nil {
+ logrus.Warnf("error mounting secrets, skipping: %v", err)
+ }
+ secretMounts = mounts
+ break
+ }
+ }
+
+ // Add FIPS mode secret if /etc/system-fips exists on the host
+ _, err := os.Stat("/etc/system-fips")
+ if err == nil {
+ if err := addFIPSModeSecret(&secretMounts, containerWorkingDir); err != nil {
+ logrus.Errorf("error adding FIPS mode secret to container: %v", err)
+ }
+ } else if os.IsNotExist(err) {
+ logrus.Debug("/etc/system-fips does not exist on host, not mounting FIPS mode secret")
+ } else {
+ logrus.Errorf("stat /etc/system-fips failed for FIPS mode secret: %v", err)
+ }
+ return secretMounts
+}
+
+func rchown(chowndir string, uid, gid int) error {
+ return filepath.Walk(chowndir, func(filePath string, f os.FileInfo, err error) error {
+ return os.Lchown(filePath, uid, gid)
+ })
+}
+
+// addSecretsFromMountsFile copies the contents of host directory to container directory
+// and returns a list of mounts
+func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPrefix string, uid, gid int) ([]rspec.Mount, error) {
+ var mounts []rspec.Mount
+ defaultMountsPaths := getMounts(filePath)
+ for _, path := range defaultMountsPaths {
+ hostDir, ctrDir, err := getMountsMap(path)
+ if err != nil {
+ return nil, err
+ }
+ // skip if the hostDir path doesn't exist
+ if _, err = os.Stat(hostDir); err != nil {
+ if os.IsNotExist(err) {
+ logrus.Warnf("Path %q from %q doesn't exist, skipping", hostDir, filePath)
+ continue
+ }
+ return nil, errors.Wrapf(err, "failed to stat %q", hostDir)
+ }
+
+ ctrDirOnHost := filepath.Join(containerWorkingDir, ctrDir)
+
+ // In the event of a restart, don't want to copy secrets over again as they already would exist in ctrDirOnHost
+ _, err = os.Stat(ctrDirOnHost)
+ if os.IsNotExist(err) {
+ if err = os.MkdirAll(ctrDirOnHost, 0755); err != nil {
+ return nil, errors.Wrapf(err, "making container directory %q failed", ctrDirOnHost)
+ }
+ hostDir, err = resolveSymbolicLink(hostDir)
+ if err != nil {
+ return nil, err
+ }
+
+ data, err := getHostSecretData(hostDir)
+ if err != nil {
+ return nil, errors.Wrapf(err, "getting host secret data failed")
+ }
+ for _, s := range data {
+ if err := s.saveTo(ctrDirOnHost); err != nil {
+ return nil, errors.Wrapf(err, "error saving data to container filesystem on host %q", ctrDirOnHost)
+ }
+ }
+
+ err = label.Relabel(ctrDirOnHost, mountLabel, false)
+ if err != nil {
+ return nil, errors.Wrap(err, "error applying correct labels")
+ }
+ if uid != 0 || gid != 0 {
+ if err := rchown(ctrDirOnHost, uid, gid); err != nil {
+ return nil, err
+ }
+ }
+ } else if err != nil {
+ return nil, errors.Wrapf(err, "error getting status of %q", ctrDirOnHost)
+ }
+
+ m := rspec.Mount{
+ Source: filepath.Join(mountPrefix, ctrDir),
+ Destination: ctrDir,
+ Type: "bind",
+ Options: []string{"bind", "rprivate"},
+ }
+
+ mounts = append(mounts, m)
+ }
+ return mounts, nil
+}
+
+// addFIPSModeSecret creates /run/secrets/system-fips in the container
+// root filesystem if /etc/system-fips exists on hosts.
+// This enables the container to be FIPS compliant and run openssl in
+// FIPS mode as the host is also in FIPS mode.
+func addFIPSModeSecret(mounts *[]rspec.Mount, containerWorkingDir string) error {
+ secretsDir := "/run/secrets"
+ ctrDirOnHost := filepath.Join(containerWorkingDir, secretsDir)
+ if _, err := os.Stat(ctrDirOnHost); os.IsNotExist(err) {
+ if err = os.MkdirAll(ctrDirOnHost, 0755); err != nil {
+ return errors.Wrapf(err, "making container directory on host failed")
+ }
+ }
+ fipsFile := filepath.Join(ctrDirOnHost, "system-fips")
+ // In the event of restart, it is possible for the FIPS mode file to already exist
+ if _, err := os.Stat(fipsFile); os.IsNotExist(err) {
+ file, err := os.Create(fipsFile)
+ if err != nil {
+ return errors.Wrapf(err, "error creating system-fips file in container for FIPS mode")
+ }
+ defer file.Close()
+ }
+
+ if !mountExists(*mounts, secretsDir) {
+ m := rspec.Mount{
+ Source: ctrDirOnHost,
+ Destination: secretsDir,
+ Type: "bind",
+ Options: []string{"bind", "rprivate"},
+ }
+ *mounts = append(*mounts, m)
+ }
+
+ return nil
+}
+
+// mountExists checks if a mount already exists in the spec
+func mountExists(mounts []rspec.Mount, dest string) bool {
+ for _, mount := range mounts {
+ if mount.Destination == dest {
+ return true
+ }
+ }
+ return false
+}
+
+// resolveSymbolicLink resolves a possbile symlink path. If the path is a symlink, returns resolved
+// path; if not, returns the original path.
+func resolveSymbolicLink(path string) (string, error) {
+ info, err := os.Lstat(path)
+ if err != nil {
+ return "", err
+ }
+ if info.Mode()&os.ModeSymlink != os.ModeSymlink {
+ return path, nil
+ }
+ return filepath.EvalSymlinks(path)
+}
diff --git a/vendor/github.com/containers/buildah/pull.go b/vendor/github.com/containers/buildah/pull.go
index d1f33fb01..363cf5ce2 100644
--- a/vendor/github.com/containers/buildah/pull.go
+++ b/vendor/github.com/containers/buildah/pull.go
@@ -194,12 +194,12 @@ func Pull(ctx context.Context, imageName string, options PullOptions) error {
errs = multierror.Append(errs, err)
continue
}
- img, err := is.Transport.GetStoreImage(options.Store, ref)
+ taggedImg, err := is.Transport.GetStoreImage(options.Store, ref)
if err != nil {
errs = multierror.Append(errs, err)
continue
}
- fmt.Printf("%s\n", img.ID)
+ fmt.Printf("%s\n", taggedImg.ID)
}
} else {
fmt.Printf("%s\n", img.ID)
diff --git a/vendor/github.com/containers/buildah/run.go b/vendor/github.com/containers/buildah/run.go
index 3a248f4f2..4d6d28380 100644
--- a/vendor/github.com/containers/buildah/run.go
+++ b/vendor/github.com/containers/buildah/run.go
@@ -21,15 +21,15 @@ import (
"github.com/containernetworking/cni/libcni"
"github.com/containers/buildah/bind"
"github.com/containers/buildah/chroot"
+ "github.com/containers/buildah/pkg/secrets"
"github.com/containers/buildah/util"
- "github.com/containers/libpod/pkg/secrets"
"github.com/containers/storage/pkg/idtools"
"github.com/containers/storage/pkg/ioutils"
"github.com/containers/storage/pkg/reexec"
"github.com/containers/storage/pkg/stringid"
units "github.com/docker/go-units"
digest "github.com/opencontainers/go-digest"
- "github.com/opencontainers/runtime-spec/specs-go"
+ specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
@@ -840,7 +840,7 @@ func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, i
// valid resolution.
func runLookupPath(g *generate.Generator, command []string) []string {
// Look for the configured $PATH.
- spec := g.Spec()
+ spec := g.Config
envPath := ""
for i := range spec.Process.Env {
if strings.HasPrefix(spec.Process.Env[i], "PATH=") {
@@ -953,7 +953,7 @@ func (b *Builder) configureNamespaces(g *generate.Generator, options RunOptions)
}
found := false
- spec := g.Spec()
+ spec := g.Config
for i := range spec.Process.Env {
if strings.HasPrefix(spec.Process.Env[i], "HOSTNAME=") {
found = true
@@ -1054,7 +1054,7 @@ func (b *Builder) Run(command []string, options RunOptions) error {
// Now grab the spec from the generator. Set the generator to nil so that future contributors
// will quickly be able to tell that they're supposed to be modifying the spec directly from here.
- spec := g.Spec()
+ spec := g.Config
g = nil
logrus.Debugf("ensuring working directory %q exists", filepath.Join(mountPoint, spec.Process.Cwd))
diff --git a/vendor/github.com/containers/buildah/unshare/unshare_unsupported.go b/vendor/github.com/containers/buildah/unshare/unshare_unsupported.go
deleted file mode 100644
index feeceae66..000000000
--- a/vendor/github.com/containers/buildah/unshare/unshare_unsupported.go
+++ /dev/null
@@ -1 +0,0 @@
-package unshare
diff --git a/vendor/github.com/containers/buildah/vendor.conf b/vendor/github.com/containers/buildah/vendor.conf
index 7438fc909..27bf45541 100644
--- a/vendor/github.com/containers/buildah/vendor.conf
+++ b/vendor/github.com/containers/buildah/vendor.conf
@@ -3,7 +3,7 @@ github.com/blang/semver v3.5.0
github.com/BurntSushi/toml v0.2.0
github.com/containerd/continuity 004b46473808b3e7a4a3049c20e4376c91eb966d
github.com/containernetworking/cni v0.7.0-alpha1
-github.com/containers/image v1.4
+github.com/containers/image v1.5
github.com/vbauerster/mpb v3.3.4
github.com/mattn/go-isatty v0.0.4
github.com/VividCortex/ewma v1.1.1
diff --git a/vendor/github.com/containers/image/pkg/blobinfocache/memory.go b/vendor/github.com/containers/image/pkg/blobinfocache/memory.go
index 1ce7dee13..cf6ca5263 100644
--- a/vendor/github.com/containers/image/pkg/blobinfocache/memory.go
+++ b/vendor/github.com/containers/image/pkg/blobinfocache/memory.go
@@ -1,6 +1,7 @@
package blobinfocache
import (
+ "sync"
"time"
"github.com/containers/image/types"
@@ -17,6 +18,7 @@ type locationKey struct {
// memoryCache implements an in-memory-only BlobInfoCache
type memoryCache struct {
+ mutex *sync.Mutex // synchronizes concurrent accesses
uncompressedDigests map[digest.Digest]digest.Digest
digestsByUncompressed map[digest.Digest]map[digest.Digest]struct{} // stores a set of digests for each uncompressed digest
knownLocations map[locationKey]map[types.BICLocationReference]time.Time // stores last known existence time for each location reference
@@ -28,6 +30,7 @@ type memoryCache struct {
// Manual users of types.{ImageSource,ImageDestination} might also use this instead of a persistent cache.
func NewMemoryCache() types.BlobInfoCache {
return &memoryCache{
+ mutex: new(sync.Mutex),
uncompressedDigests: map[digest.Digest]digest.Digest{},
digestsByUncompressed: map[digest.Digest]map[digest.Digest]struct{}{},
knownLocations: map[locationKey]map[types.BICLocationReference]time.Time{},
@@ -38,6 +41,15 @@ func NewMemoryCache() types.BlobInfoCache {
// May return anyDigest if it is known to be uncompressed.
// Returns "" if nothing is known about the digest (it may be compressed or uncompressed).
func (mem *memoryCache) UncompressedDigest(anyDigest digest.Digest) digest.Digest {
+ mem.mutex.Lock()
+ defer mem.mutex.Unlock()
+ return mem.uncompressedDigest(anyDigest)
+}
+
+// uncompressedDigest returns an uncompressed digest corresponding to anyDigest.
+// May return anyDigest if it is known to be uncompressed.
+// Returns "" if nothing is known about the digest (it may be compressed or uncompressed).
+func (mem *memoryCache) uncompressedDigest(anyDigest digest.Digest) digest.Digest {
if d, ok := mem.uncompressedDigests[anyDigest]; ok {
return d
}
@@ -56,6 +68,8 @@ func (mem *memoryCache) UncompressedDigest(anyDigest digest.Digest) digest.Diges
// because a manifest/config pair exists); otherwise the cache could be poisoned and allow substituting unexpected blobs.
// (Eventually, the DiffIDs in image config could detect the substitution, but that may be too late, and not all image formats contain that data.)
func (mem *memoryCache) RecordDigestUncompressedPair(anyDigest digest.Digest, uncompressed digest.Digest) {
+ mem.mutex.Lock()
+ defer mem.mutex.Unlock()
if previous, ok := mem.uncompressedDigests[anyDigest]; ok && previous != uncompressed {
logrus.Warnf("Uncompressed digest for blob %s previously recorded as %s, now %s", anyDigest, previous, uncompressed)
}
@@ -72,6 +86,8 @@ func (mem *memoryCache) RecordDigestUncompressedPair(anyDigest digest.Digest, un
// RecordKnownLocation records that a blob with the specified digest exists within the specified (transport, scope) scope,
// and can be reused given the opaque location data.
func (mem *memoryCache) RecordKnownLocation(transport types.ImageTransport, scope types.BICTransportScope, blobDigest digest.Digest, location types.BICLocationReference) {
+ mem.mutex.Lock()
+ defer mem.mutex.Unlock()
key := locationKey{transport: transport.Name(), scope: scope, blobDigest: blobDigest}
locationScope, ok := mem.knownLocations[key]
if !ok {
@@ -103,11 +119,13 @@ func (mem *memoryCache) appendReplacementCandidates(candidates []candidateWithTi
// data from previous RecordDigestUncompressedPair calls is used to also look up variants of the blob which have the same
// uncompressed digest.
func (mem *memoryCache) CandidateLocations(transport types.ImageTransport, scope types.BICTransportScope, primaryDigest digest.Digest, canSubstitute bool) []types.BICReplacementCandidate {
+ mem.mutex.Lock()
+ defer mem.mutex.Unlock()
res := []candidateWithTime{}
res = mem.appendReplacementCandidates(res, transport, scope, primaryDigest)
var uncompressedDigest digest.Digest // = ""
if canSubstitute {
- if uncompressedDigest = mem.UncompressedDigest(primaryDigest); uncompressedDigest != "" {
+ if uncompressedDigest = mem.uncompressedDigest(primaryDigest); uncompressedDigest != "" {
otherDigests := mem.digestsByUncompressed[uncompressedDigest] // nil if not present in the map
for d := range otherDigests {
if d != primaryDigest && d != uncompressedDigest {
diff --git a/vendor/github.com/containers/image/version/version.go b/vendor/github.com/containers/image/version/version.go
index 10075992d..2a3bc1b5c 100644
--- a/vendor/github.com/containers/image/version/version.go
+++ b/vendor/github.com/containers/image/version/version.go
@@ -11,7 +11,7 @@ const (
VersionPatch = 5
// VersionDev indicates development branch. Releases will be empty string.
- VersionDev = "-dev"
+ VersionDev = ""
)
// Version is the specification version that the package types support.
diff --git a/version/version.go b/version/version.go
index 24daf707c..89b5fbd8b 100644
--- a/version/version.go
+++ b/version/version.go
@@ -4,7 +4,7 @@ package version
// NOTE: remember to bump the version at the top
// of the top-level README.md file when this is
// bumped.
-const Version = "1.0.1-dev"
+const Version = "1.2.0-dev"
// RemoteAPIVersion is the version for the remote
// client API. It is used to determine compatibility