-rw-r--r--.cirrus.yml24
-rw-r--r--cmd/podman/main.go8
-rw-r--r--cmd/podman/registry/remote.go8
-rwxr-xr-xcontrib/cirrus/setup_environment.sh3
-rw-r--r--docs/source/markdown/podman.1.md2
-rw-r--r--test/system/001-basic.bats31
-rw-r--r--test/system/300-cli-parsing.bats14
-rw-r--r--troubleshooting.md29
8 files changed, 96 insertions, 23 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index 7a306175a..7e523c4ae 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -38,7 +38,7 @@ env:
UBUNTU_NAME: "ubuntu-2110"
# Google-cloud VM Images
- IMAGE_SUFFIX: "c6454758209748992"
+ IMAGE_SUFFIX: "c5814666029957120"
FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}"
@@ -157,11 +157,11 @@ build_task:
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
# ID for re-use of build output
_BUILD_CACHE_HANDLE: ${FEDORA_NAME}-build-${CIRRUS_BUILD_ID}
- - env: &priorfedora_envvars
- DISTRO_NV: ${PRIOR_FEDORA_NAME}
- VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
- CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
- _BUILD_CACHE_HANDLE: ${PRIOR_FEDORA_NAME}-build-${CIRRUS_BUILD_ID}
+ #- env: &priorfedora_envvars
+ # DISTRO_NV: ${PRIOR_FEDORA_NAME}
+ # VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
+ # CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
+ # _BUILD_CACHE_HANDLE: ${PRIOR_FEDORA_NAME}-build-${CIRRUS_BUILD_ID}
- env: &ubuntu_envvars
DISTRO_NV: ${UBUNTU_NAME}
VM_IMAGE_NAME: ${UBUNTU_CACHE_IMAGE_NAME}
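Review bot: The prior-Fedora matrix entry is commented out in build_task with no stated reason or re-enable condition, and the same is done in the unit_test_task hunk (`#- env: *priorfedora_envvars`) and the container_integration_test_task hunk. This removes one distro from build, unit and container-integration coverage, so a marker above the commented block would keep the gap visible, for example `# TODO: re-enable prior-fedora once images exist for this IMAGE_SUFFIX (tracking: <issue-placeholder>)`. Because the `&priorfedora_envvars` anchor is now only a comment, any `*priorfedora_envvars` alias remaining outside these hunks would presumably break YAML parsing, which is worth a grep before merging.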
@@ -390,7 +390,7 @@ unit_test_task:
- validate
matrix:
- env: *stdenvars
- - env: *priorfedora_envvars
+ #- env: *priorfedora_envvars
- env: *ubuntu_envvars
# Special-case: Rootless on latest Fedora (standard) VM
- name: "Rootless unit on $DISTRO_NV"
@@ -504,11 +504,11 @@ container_integration_test_task:
_BUILD_CACHE_HANDLE: ${FEDORA_NAME}-build-${CIRRUS_BUILD_ID}
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
- - env:
- DISTRO_NV: ${PRIOR_FEDORA_NAME}
- _BUILD_CACHE_HANDLE: ${PRIOR_FEDORA_NAME}-build-${CIRRUS_BUILD_ID}
- VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
- CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
+ #- env:
+ # DISTRO_NV: ${PRIOR_FEDORA_NAME}
+ # _BUILD_CACHE_HANDLE: ${PRIOR_FEDORA_NAME}-build-${CIRRUS_BUILD_ID}
+ # VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
+ # CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
gce_instance: *standardvm
timeout_in: 90m
env:
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index 9850f5d27..4f8131653 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -72,6 +72,8 @@ func parseCommands() *cobra.Command {
}
parent.AddCommand(c.Command)
+ c.Command.SetFlagErrorFunc(flagErrorFuncfunc)
+
// - templates need to be set here, as PersistentPreRunE() is
// not called when --help is used.
// - rootCmd uses cobra default template not ours
@@ -84,5 +86,11 @@ func parseCommands() *cobra.Command {
os.Exit(1)
}
+ rootCmd.SetFlagErrorFunc(flagErrorFuncfunc)
return rootCmd
}
+
+func flagErrorFuncfunc(c *cobra.Command, e error) error {
+ e = fmt.Errorf("%w\nSee '%s --help'", e, c.CommandPath())
+ return e
+}
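Review bot: The helper name `flagErrorFuncfunc` repeats "func" and reads like a typo, and it has no doc comment although it is installed on every subcommand and on rootCmd. Renaming it to `flagErrorFunc` at the definition and at both `SetFlagErrorFunc` call sites would be clearer, with a comment such as `// flagErrorFunc wraps a flag-parsing error with a pointer to the failing command's --help.`. The body can also return directly, `return fmt.Errorf("%w\nSee '%s --help'", e, c.CommandPath())`, which keeps the `%w` wrapping callers may rely on. parseCommands starts outside this hunk.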
diff --git a/cmd/podman/registry/remote.go b/cmd/podman/registry/remote.go
index f05d8f7b4..181ef6b4a 100644
--- a/cmd/podman/registry/remote.go
+++ b/cmd/podman/registry/remote.go
@@ -30,6 +30,12 @@ func IsRemote() bool {
fs.Usage = func() {}
fs.SetInterspersed(false)
fs.BoolVarP(&remoteFromCLI.Value, "remote", "r", remote, "")
+ connectionFlagName := "connection"
+ ignoredConnection := ""
+ fs.StringVarP(&ignoredConnection, connectionFlagName, "c", "", "")
+ urlFlagName := "url"
+ ignoredURL := ""
+ fs.StringVar(&ignoredURL, urlFlagName, "", "")
// The shell completion logic will call a command called "__complete" or "__completeNoDesc"
// This command will always be the second argument
@@ -39,6 +45,8 @@ func IsRemote() bool {
start = 2
}
_ = fs.Parse(os.Args[start:])
+ // --connection or --url implies --remote
+ remoteFromCLI.Value = remoteFromCLI.Value || fs.Changed(connectionFlagName) || fs.Changed(urlFlagName)
})
return podmanOptions.EngineMode == entities.TunnelMode || remoteFromCLI.Value
}
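Review bot: `fs.Changed(connectionFlagName)` and `fs.Changed(urlFlagName)` are true whenever the flag appears on the command line, so `--url=` or `--connection ""` now switches the process into remote mode even though no endpoint was given. If an empty value should not change the engine mode, gate on the parsed values instead, `remoteFromCLI.Value = remoteFromCLI.Value || ignoredConnection != "" || ignoredURL != ""`, and rename the two variables since they would no longer be ignored. Otherwise, extend the comment to state that mere presence is intended. The result of `fs.Parse` is still discarded just above, so this assignment also runs after a failed parse. The added system tests cover only `--url foobar` and `--connection foobar`, so a case for `-c` and one for an empty value would pin the behaviour. The enclosing closure in IsRemote starts outside these hunks.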
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index 829bb651d..93f085983 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -247,6 +247,7 @@ esac
case "$TEST_FLAVOR" in
ext_svc) ;;
validate)
+ dnf install -y $PACKAGE_DOWNLOAD_DIR/python3*.rpm
# For some reason, this is also needed for validation
make .install.pre-commit
;;
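Review bot: The added `dnf install -y $PACKAGE_DOWNLOAD_DIR/python3*.rpm` leaves the variable unquoted and installs, without a prompt, every file in that directory matching the glob. If the variable is empty or unset, the pattern becomes `/python3*.rpm`, and if nothing matches, dnf receives the literal pattern. Quoting the variable and adding a short reason would help, for example `dnf install -y "$PACKAGE_DOWNLOAD_DIR"/python3*.rpm  # validate needs python3 from the pre-downloaded RPMs`. The adjacent comment ("For some reason, this is also needed") does not say why these packages are required. The dnf call in the next hunk goes through the `bigto` wrapper, and this one presumably should too for consistency. The case statement continues outside the hunk.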
@@ -257,7 +258,7 @@ case "$TEST_FLAVOR" in
if [[ "$ALT_NAME" =~ RPM ]]; then
bigto dnf install -y glibc-minimal-langpack go-rpm-macros rpkg rpm-build shadow-utils-subid-devel
fi
- ;&
+ ;;
docker-py)
remove_packaged_podman_files
make install PREFIX=/usr ETCDIR=/etc
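Review bot: Replacing `;&` with `;;` removes the fall-through into the `docker-py)` branch, so the preceding flavor no longer runs `remove_packaged_podman_files` and `make install PREFIX=/usr ETCDIR=/etc`. The hunk does not show which flavor that is, and nothing in the change explains why the install step is dropped for it. A one-line comment above the new terminator would record the intent, for example `# no fall-through: this flavor does not need the locally built podman installed`.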
diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md
index b318001e4..4d3e92dd2 100644
--- a/docs/source/markdown/podman.1.md
+++ b/docs/source/markdown/podman.1.md
@@ -42,6 +42,7 @@ and "$graphroot/networks" as rootless.
#### **--connection**, **-c**
Connection to use for remote podman, including Mac and Windows (excluding WSL2) machines, (Default connection is configured in `containers.conf`)
+Setting this option will switch the **--remote** option to true.
Remote connections use local containers.conf for default.
#### **--conmon**
@@ -108,6 +109,7 @@ environment variable is set, the **--remote** option defaults to true.
#### **--url**=*value*
URL to access Podman service (default from `containers.conf`, rootless `unix://run/user/$UID/podman/podman.sock` or as root `unix://run/podman/podman.sock`).
+Setting this option will switch the **--remote** option to true.
- `CONTAINER_HOST` is of the format `<schema>://[<user[:<password>]@]<host>[:<port>][<path>]`
diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats
index 9b0a71285..582efa058 100644
--- a/test/system/001-basic.bats
+++ b/test/system/001-basic.bats
@@ -33,6 +33,23 @@ function setup() {
fi
}
+@test "podman info" {
+ # These will be displayed on the test output stream, offering an
+ # at-a-glance overview of important system configuration details
+ local -a want=(
+ 'Arch:{{.Host.Arch}}'
+ 'OS:{{.Host.Distribution.Distribution}}{{.Host.Distribution.Version}}'
+ 'Runtime:{{.Host.OCIRuntime.Name}}'
+ 'Rootless:{{.Host.Security.Rootless}}'
+ 'Events:{{.Host.EventLogger}}'
+ 'Logdriver:{{.Host.LogDriver}}'
+ 'Cgroups:{{.Host.CgroupsVersion}}+{{.Host.CgroupManager}}'
+ 'Net:{{.Host.NetworkBackend}}'
+ )
+ run_podman info --format "$(IFS='/' echo ${want[@]})"
+ echo "# $output" >&3
+}
+
@test "podman --context emits reasonable output" {
# All we care about here is that the command passes
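Review bot: `$(IFS='/' echo ${want[@]})` in the new "podman info" test does not join the array with `/`. The `IFS=` prefix applies only to the environment of `echo`, and the unquoted `${want[@]}` is already split into separate words, so the format string ends up space-separated. The test still passes because it asserts nothing about the output, but the line misleads readers about the format. To join on a separator, set IFS inside the subshell and use the `[*]` form: `run_podman info --format "$(IFS='/'; echo "${want[*]}")"`. Alternatively, drop the IFS assignment if a space-separated line is what is wanted.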
@@ -88,7 +105,8 @@ function setup() {
# ...but no matter what, --remote is never allowed after subcommand
PODMAN="${podman_non_remote} ${podman_args[@]}" run_podman 125 version --remote
- is "$output" "Error: unknown flag: --remote" "podman version --remote"
+ is "$output" "Error: unknown flag: --remote
+See 'podman version --help'" "podman version --remote"
}
@test "podman-remote: defaults" {
@@ -108,6 +126,17 @@ function setup() {
if grep -- " --remote " <<<"$output"; then
die "podman --help, with CONTAINER_CONNECTION set, is showing --remote"
fi
+
+ # When it detects --url or --connection, --remote is not an option
+ run_podman --url foobar --help
+ if grep -- " --remote " <<<"$output"; then
+ die "podman --help, with --url set, is showing --remote"
+ fi
+
+ run_podman --connection foobar --help
+ if grep -- " --remote " <<<"$output"; then
+ die "podman --help, with --connection set, is showing --remote"
+ fi
}
# Check that just calling "podman-remote" prints the usage message even
diff --git a/test/system/300-cli-parsing.bats b/test/system/300-cli-parsing.bats
index 92c073102..ec493d3d8 100644
--- a/test/system/300-cli-parsing.bats
+++ b/test/system/300-cli-parsing.bats
@@ -12,4 +12,18 @@ load helpers
run_podman run --rm --label 'true="false"' $IMAGE true
}
+@test "podman flag error" {
+ local name="podman"
+ if is_remote; then
+ name="podman-remote"
+ fi
+ run_podman 125 run -h
+ is "$output" "Error: flag needs an argument: 'h' in -h
+See '$name run --help'" "expected error output"
+
+ run_podman 125 bad --invalid
+ is "$output" "Error: unknown flag: --invalid
+See '$name --help'" "expected error output"
+}
+
# vim: filetype=sh
diff --git a/troubleshooting.md b/troubleshooting.md
index 6f2a96a56..dedcf6bb9 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -87,7 +87,7 @@ error pulling image "fedora": unable to pull fedora: error getting default regis
### 4) http: server gave HTTP response to HTTPS client
When doing a Podman command such as `build`, `commit`, `pull`, or `push` to a registry,
-tls verification is turned on by default. If authentication is not used with
+TLS verification is turned on by default. If encryption is not used with
those commands, this error can occur.
#### Symptom
@@ -100,13 +100,13 @@ Get https://localhost:5000/v2/: http: server gave HTTP response to HTTPS client
#### Solution
-By default tls verification is turned on when communicating to registries from
-Podman. If the registry does not require authentication the Podman commands
-such as `build`, `commit`, `pull` and `push` will fail unless tls verification is turned
+By default TLS verification is turned on when communicating to registries from
+Podman. If the registry does not require encryption the Podman commands
+such as `build`, `commit`, `pull` and `push` will fail unless TLS verification is turned
off using the `--tls-verify` option. **NOTE:** It is not at all recommended to
-communicate with a registry and not use tls verification.
+communicate with a registry and not use TLS verification.
- * Turn off tls verification by passing false to the tls-verification option.
+ * Turn off TLS verification by passing false to the tls-verify option.
* I.e. `podman push --tls-verify=false alpine docker://localhost:5000/myalpine:latest`
---
@@ -259,7 +259,8 @@ You should ensure that each user has a unique range of uids, because overlapping
would potentially allow one user to attack another user. In addition, make sure
that the range of uids you allocate can cover all uids that the container
requires. For example, if the container has a user with uid 10000, ensure you
-have at least 10001 subuids.
+have at least 10001 subuids, and if the container needs to be run as a user with
+uid 1000000, ensure you have at least 1000001 subuids.
You could also use the usermod program to assign UIDs to a user.
@@ -645,16 +646,26 @@ to mount volumes on them.
Run the container once in read/write mode, Podman will generate all of the FDs on the rootfs, and
from that point forward you can run with a read-only rootfs.
+```
$ podman run --rm --rootfs /path/to/rootfs true
+```
The command above will create all the missing directories needed to run the container.
After that, it can be used in read only mode, by multiple containers at the same time:
+```
$ podman run --read-only --rootfs /path/to/rootfs ....
+```
+
+Another option is to use an Overlay Rootfs Mount:
+
+```
+$ podman run --rootfs /path/to/rootfs:O ....
+```
-Another option would be to create an overlay file system on the directory as a lower and then
-then allow podman to create the files on the upper.
+Modifications to the mount point are destroyed when the container
+finishes executing, similar to a tmpfs mount point being unmounted.
### 26) Running containers with CPU limits fails with a permissions error