summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile2
-rw-r--r--cmd/podman/common/specgen.go2
-rw-r--r--contrib/podmanimage/README.md8
-rw-r--r--docs/source/markdown/podman-create.1.md3
-rw-r--r--libpod/container.go2
-rw-r--r--libpod/container_internal_linux.go2
-rw-r--r--libpod/container_log_linux.go2
-rw-r--r--libpod/networking_linux.go4
-rw-r--r--pkg/api/handlers/compat/images_build.go11
-rw-r--r--pkg/api/handlers/utils/images.go2
-rw-r--r--pkg/domain/filters/containers.go2
-rw-r--r--test/apiv2/10-images.at34
-rw-r--r--test/e2e/run_device_test.go33
-rw-r--r--test/system/255-auto-update.bats4
-rw-r--r--test/system/700-play.bats4
15 files changed, 74 insertions, 41 deletions
diff --git a/Makefile b/Makefile
index bda10d0bf..70e07984a 100644
--- a/Makefile
+++ b/Makefile
@@ -257,7 +257,7 @@ test/goecho/goecho: .gopathok $(wildcard test/goecho/*.go)
.PHONY: codespell
codespell:
- codespell -S bin,vendor,.git,go.sum,changelog.txt,.cirrus.yml,"RELEASE_NOTES.md,*.xz,*.gz,*.tar,*.tgz,bin2img,*ico,*.png,*.1,*.5,copyimg,*.orig,apidoc.go" -L uint,iff,od,seeked,splitted,marge,ERRO,hist,ether -w
+ codespell -S bin,vendor,.git,go.sum,changelog.txt,.cirrus.yml,"RELEASE_NOTES.md,*.xz,*.gz,*.ps1,*.tar,*.tgz,bin2img,*ico,*.png,*.1,*.5,copyimg,*.orig,apidoc.go" -L uint,iff,od,seeked,splitted,marge,ERRO,hist,ether -w
.PHONY: validate
validate: gofmt lint .gitvalidation validate.completions man-page-check swagger-check tests-included tests-expect-exit
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 8d6a21cb7..59d32f568 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -685,7 +685,7 @@ func makeHealthCheckFromCli(inCmd, interval string, retries uint, timeout, start
concat := ""
if cmdArr[0] == "CMD" || cmdArr[0] == "none" { // this is for compat, we are already split properly for most compat cases
cmdArr = strings.Fields(inCmd)
- } else if cmdArr[0] != "CMD-SHELL" { // this is for podman side of things, wont contain the keywords
+ } else if cmdArr[0] != "CMD-SHELL" { // this is for podman side of things, won't contain the keywords
if isArr && len(cmdArr) > 1 { // an array of consecutive commands
cmdArr = append([]string{"CMD"}, cmdArr...)
} else { // one singular command
diff --git a/contrib/podmanimage/README.md b/contrib/podmanimage/README.md
index 6effec38b..b7be328c7 100644
--- a/contrib/podmanimage/README.md
+++ b/contrib/podmanimage/README.md
@@ -17,10 +17,10 @@ default to `/`.
The container images are:
* `quay.io/containers/podman:<version>` and `quay.io/podman/stable:<version>` -
- These images are built when a new Podman version becomes available in
- Fedora. These images are intended to be unchanging and stable, they will
- never be updated by automation once they've been pushed. For build details,
- please [see the configuration file](stable/Dockerfile).
+ These images are built daily. They are intended to contain an unchanging
+ and stable version of podman. Though for the most recent `<version>` tag,
+ image contents will be updated to incorporate (especially) security upgrades.
+ For build details, please [see the configuration file](stable/Dockerfile).
* `quay.io/containers/podman:latest` and `quay.io/podman/stable:latest` -
Built daily using the same Dockerfile as above. The Podman version
will remain the "latest" available in Fedora, however the other image
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 723592016..7655cb8fa 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -455,8 +455,7 @@ setup operations for the pod's applications.
Valid values for `init-ctr` type are *always* or *oneshot*. The *always* value
means the container will run with each and every `pod start`, whereas the *oneshot*
-value means is will ony run once when the pod is started and then the container is
-removed.
+value means the container will only run once when the pod is started and then the container is removed.
Init containers are only run on pod `start`. Restarting a pod will not execute any init
containers should they be present. Furthermore, init containers can only be created in a
diff --git a/libpod/container.go b/libpod/container.go
index d5d5ef1a5..80fd35c09 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -240,7 +240,7 @@ type ContainerImageVolume struct {
type ContainerSecret struct {
// Secret is the secret
*secrets.Secret
- // UID is tbe UID of the secret file
+ // UID is the UID of the secret file
UID uint32
// GID is the GID of the secret file
GID uint32
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 6d2f7bddc..f21aebb09 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1782,7 +1782,7 @@ func (c *Container) generateResolvConf() (string, error) {
cniResponse := c.state.NetworkStatus
for _, i := range cniResponse {
for _, ip := range i.IPs {
- // Note: only using To16() does not work since it also returns a vaild ip for ipv4
+ // Note: only using To16() does not work since it also returns a valid ip for ipv4
if ip.Address.IP.To4() == nil && ip.Address.IP.To16() != nil {
ipv6 = true
}
diff --git a/libpod/container_log_linux.go b/libpod/container_log_linux.go
index d4afaa52a..11f1be7f9 100644
--- a/libpod/container_log_linux.go
+++ b/libpod/container_log_linux.go
@@ -79,7 +79,7 @@ func (c *Container) readFromJournal(ctx context.Context, options *logs.LogOption
break
}
if cursorError != nil {
- return errors.Wrap(cursorError, "inital journal cursor")
+ return errors.Wrap(cursorError, "initial journal cursor")
}
// We need the container's events in the same journal to guarantee
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 8e9b5997c..17e444f66 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -1219,7 +1219,7 @@ func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) erro
return err
}
- // OCICNI will set the loopback adpter down on teardown so we should set it up again
+ // OCICNI will set the loopback adapter down on teardown so we should set it up again
err = c.state.NetNS.Do(func(_ ns.NetNS) error {
link, err := netlink.LinkByName("lo")
if err != nil {
@@ -1229,7 +1229,7 @@ func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) erro
return err
})
if err != nil {
- logrus.Warnf("failed to set loopback adpter up in the container: %v", err)
+ logrus.Warnf("failed to set loopback adapter up in the container: %v", err)
}
// Reload ports when there are still connected networks, maybe we removed the network interface with the child ip.
// Reloading without connected networks does not make sense, so we can skip this step.
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index 08d1df4b8..0fcca1821 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -34,13 +34,16 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
contentType := hdr[0]
switch contentType {
case "application/tar":
- logrus.Warnf("tar file content type is %s, should use \"application/x-tar\" content type", contentType)
+ logrus.Infof("tar file content type is %s, should use \"application/x-tar\" content type", contentType)
case "application/x-tar":
break
default:
- utils.BadRequest(w, "Content-Type", hdr[0],
- fmt.Errorf("Content-Type: %s is not supported. Should be \"application/x-tar\"", hdr[0]))
- return
+ if utils.IsLibpodRequest(r) {
+ utils.BadRequest(w, "Content-Type", hdr[0],
+ fmt.Errorf("Content-Type: %s is not supported. Should be \"application/x-tar\"", hdr[0]))
+ return
+ }
+ logrus.Infof("tar file content type is %s, should use \"application/x-tar\" content type", contentType)
}
}
diff --git a/pkg/api/handlers/utils/images.go b/pkg/api/handlers/utils/images.go
index 1e8edb6dd..1e3647a3e 100644
--- a/pkg/api/handlers/utils/images.go
+++ b/pkg/api/handlers/utils/images.go
@@ -27,7 +27,7 @@ func IsRegistryReference(name string) error {
if imageRef.Transport().Name() == docker.Transport.Name() {
return nil
}
- return errors.Errorf("unsupport transport %s in %q: only docker transport is supported", imageRef.Transport().Name(), name)
+ return errors.Errorf("unsupported transport %s in %q: only docker transport is supported", imageRef.Transport().Name(), name)
}
// ParseStorageReference parses the specified image name to a
diff --git a/pkg/domain/filters/containers.go b/pkg/domain/filters/containers.go
index dc9fed2a4..269cd2d27 100644
--- a/pkg/domain/filters/containers.go
+++ b/pkg/domain/filters/containers.go
@@ -214,7 +214,7 @@ func GenerateContainerFilterFuncs(filter string, filterValues []string, r *libpo
networkMode := c.NetworkMode()
// support docker like `--filter network=container:<IDorName>`
// check if networkMode is configured as `container:<ctr>`
- // peform a match against filter `container:<IDorName>`
+ // perform a match against filter `container:<IDorName>`
// networks is already going to be empty if `container:<ctr>` is configured as Mode
if strings.HasPrefix(networkMode, "container:") {
networkModeContainerPart := strings.SplitN(networkMode, ":", 2)
diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at
index 195b11ff0..abc8d44b7 100644
--- a/test/apiv2/10-images.at
+++ b/test/apiv2/10-images.at
@@ -173,7 +173,7 @@ curl -XPOST --data-binary @<(cat $CONTAINERFILE_TAR) \
BUILD_TEST_ERROR=""
if ! grep -q '200 OK' "${TMPD}/headers.txt"; then
- echo -e "${red}NOK: Image build from tar failed response was not 200 OK"
+ echo -e "${red}NOK: Image build from tar failed response was not 200 OK (application/x-tar)"
BUILD_TEST_ERROR="1"
fi
@@ -182,6 +182,38 @@ if ! grep -q 'quay.io/libpod/alpine_labels' "${TMPD}/response.txt"; then
BUILD_TEST_ERROR="1"
fi
+curl -XPOST --data-binary @<(cat $CONTAINERFILE_TAR) \
+ -H "content-type: application/tar" \
+ --dump-header "${TMPD}/headers.txt" \
+ -o /dev/null \
+ "http://$HOST:$PORT/v1.40/libpod/build?dockerfile=containerfile" &> /dev/null
+if ! grep -q '200 OK' "${TMPD}/headers.txt"; then
+ echo -e "${red}NOK: Image build from tar failed response was not 200 OK (application/tar)"
+ BUILD_TEST_ERROR="1"
+fi
+
+# Yes, this is very un-RESTful re: Content-Type header ignored when compatibility endpoint used
+# See https://github.com/containers/podman/issues/11012
+curl -XPOST --data-binary @<(cat $CONTAINERFILE_TAR) \
+ -H "content-type: application/json" \
+ --dump-header "${TMPD}/headers.txt" \
+ -o /dev/null \
+ "http://$HOST:$PORT/v1.40/build?dockerfile=containerfile" &> /dev/null
+if ! grep -q '200 OK' "${TMPD}/headers.txt"; then
+ echo -e "${red}NOK: Image build from tar failed response was not 200 OK (application/tar)"
+ BUILD_TEST_ERROR="1"
+fi
+
+curl -XPOST --data-binary @<(cat $CONTAINERFILE_TAR) \
+ -H "content-type: application/json" \
+ --dump-header "${TMPD}/headers.txt" \
+ -o /dev/null \
+ "http://$HOST:$PORT/v1.40/libpod/build?dockerfile=containerfile" &> /dev/null
+if ! grep -q '400 Bad Request' "${TMPD}/headers.txt"; then
+ echo -e "${red}NOK: Image build should have failed with 400 (wrong Content-Type)"
+ BUILD_TEST_ERROR="1"
+fi
+
cleanBuildTest
if [[ "${BUILD_TEST_ERROR}" ]]; then
exit 1
diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go
index 40de1d50d..08905aed2 100644
--- a/test/e2e/run_device_test.go
+++ b/test/e2e/run_device_test.go
@@ -41,36 +41,35 @@ var _ = Describe("Podman run device", func() {
})
It("podman run device test", func() {
- session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", ALPINE, "ls", "--color=never", "/dev/kmsg"})
+ session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", ALPINE, "test", "-c", "/dev/kmsg"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(Equal("/dev/kmsg"))
})
It("podman run device rename test", func() {
- session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
+ // TODO: Confirm absence of /dev/kmsg in container
+ session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1", ALPINE, "test", "-c", "/dev/kmsg1"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(Equal("/dev/kmsg1"))
})
It("podman run device permission test", func() {
- session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:r", ALPINE, "ls", "--color=never", "/dev/kmsg"})
+ // TODO: Confirm write-permission failure
+ session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:r", ALPINE, "test", "-r", "/dev/kmsg"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(Equal("/dev/kmsg"))
})
It("podman run device rename and permission test", func() {
- session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:r", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
+ // TODO: Confirm write-permission failure
+ session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:r", ALPINE, "test", "-r", "/dev/kmsg1"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(Equal("/dev/kmsg1"))
})
It("podman run device rename and bad permission test", func() {
- session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:rd", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
+ session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:rd", ALPINE, "true"})
session.WaitWithDefaultTimeout()
- Expect(session).To(ExitWithError())
+ Expect(session).Should(Exit(125))
})
It("podman run device host device and container device parameter are directories", func() {
@@ -89,12 +88,13 @@ var _ = Describe("Podman run device", func() {
})
It("podman run device host device with --privileged", func() {
- if _, err := os.Stat("/dev/kvm"); err != nil {
- Skip("/dev/kvm not available")
- }
- session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "ls", "/dev/kvm"})
+ session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "test", "-c", "/dev/kmsg"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
+ // verify --privileged is required
+ session2 := podmanTest.Podman([]string{"run", ALPINE, "test", "-c", "/dev/kmsg"})
+ session2.WaitWithDefaultTimeout()
+ Expect(session2).Should((Exit(1)))
})
It("podman run CDI device test", func() {
@@ -109,14 +109,13 @@ var _ = Describe("Podman run device", func() {
err = cmd.Run()
Expect(err).To(BeNil())
- session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "myKmsg", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
+ session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "myKmsg", ALPINE, "test", "-c", "/dev/kmsg1"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(Equal("/dev/kmsg1"))
})
It("podman run --gpus noop", func() {
- session := podmanTest.Podman([]string{"run", "--gpus", "all", ALPINE, "ls", "/"})
+ session := podmanTest.Podman([]string{"run", "--gpus", "all", ALPINE, "true"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
})
diff --git a/test/system/255-auto-update.bats b/test/system/255-auto-update.bats
index 69ebebcd6..8bb32b5b7 100644
--- a/test/system/255-auto-update.bats
+++ b/test/system/255-auto-update.bats
@@ -102,7 +102,7 @@ function _wait_service_ready() {
let timeout=$timeout-1
done
- # Print serivce status as debug information before failed the case
+ # Print service status as debug information before failed the case
systemctl status $sname
die "Timed out waiting for $sname to start"
}
@@ -305,7 +305,7 @@ EOF
fi
done
- # Only check the last service is started. Previous services should already actived.
+ # Only check that the last service is started. Previous services should already be activated.
_wait_service_ready container-$cname.service
run_podman commit --change CMD=/bin/bash $local_cname quay.io/libpod/localtest:latest
# Exit code is expected, due to invalid 'fakevalue'
diff --git a/test/system/700-play.bats b/test/system/700-play.bats
index 3e6961b08..498956b9a 100644
--- a/test/system/700-play.bats
+++ b/test/system/700-play.bats
@@ -94,9 +94,9 @@ RELABEL="system_u:object_r:container_file_t:s0"
mkdir -p $TESTDIR
echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
run_podman 125 play kube --network bridge $PODMAN_TMPDIR/test.yaml
- is "$output" ".*invalid value passed to --network: bridge or host networking must be configured in YAML" "podman plan-network should fail wth --network host"
+ is "$output" ".*invalid value passed to --network: bridge or host networking must be configured in YAML" "podman plan-network should fail with --network host"
run_podman 125 play kube --network host $PODMAN_TMPDIR/test.yaml
- is "$output" ".*invalid value passed to --network: bridge or host networking must be configured in YAML" "podman plan-network should fail wth --network host"
+ is "$output" ".*invalid value passed to --network: bridge or host networking must be configured in YAML" "podman plan-network should fail with --network host"
run_podman play kube --network slirp4netns:port_handler=slirp4netns $PODMAN_TMPDIR/test.yaml
run_podman pod rm -f test_pod
}