summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.cirrus.yml2
-rw-r--r--cmd/podman/containers/restore.go51
-rw-r--r--cmd/podman/containers/rm.go6
-rw-r--r--cmd/podman/images/rm.go18
-rw-r--r--cmd/podman/networks/rm.go6
-rw-r--r--cmd/podman/pods/create.go6
-rw-r--r--cmd/podman/pods/rm.go7
-rw-r--r--cmd/podman/volumes/rm.go6
-rw-r--r--contrib/pkginstaller/.gitignore6
-rw-r--r--contrib/pkginstaller/Distribution.in17
-rw-r--r--contrib/pkginstaller/Makefile50
-rw-r--r--contrib/pkginstaller/README.md22
-rw-r--r--contrib/pkginstaller/Resources/banner.pngbin0 -> 50381 bytes
-rw-r--r--contrib/pkginstaller/Resources/conclusion.html13
-rwxr-xr-xcontrib/pkginstaller/package.sh60
-rwxr-xr-xcontrib/pkginstaller/scripts/postinstall27
-rwxr-xr-xcontrib/pkginstaller/scripts/preinstall5
-rw-r--r--contrib/pkginstaller/welcome.html.in16
-rw-r--r--docs/source/markdown/podman-generate-systemd.1.md7
-rw-r--r--docs/source/markdown/podman-pod-create.1.md2
-rw-r--r--docs/tutorials/socket_activation.md23
-rw-r--r--pkg/api/handlers/compat/images_build.go1
-rw-r--r--pkg/api/handlers/compat/images_search.go1
-rw-r--r--pkg/api/handlers/libpod/images_push.go1
-rw-r--r--pkg/api/handlers/libpod/manifests.go1
-rw-r--r--pkg/api/server/register_images.go8
-rw-r--r--pkg/api/server/register_manifest.go10
-rw-r--r--pkg/bindings/test/images_test.go2
-rw-r--r--pkg/domain/filters/containers.go9
-rw-r--r--pkg/domain/filters/pods.go3
-rw-r--r--pkg/domain/filters/volumes.go5
-rw-r--r--pkg/domain/infra/abi/containers.go1
-rw-r--r--pkg/machine/qemu/machine.go4
-rw-r--r--pkg/util/filters.go33
-rw-r--r--pkg/util/filters_test.go4
-rw-r--r--test/apiv2/12-imagesMore.at5
-rw-r--r--test/apiv2/15-manifest.at2
-rwxr-xr-xtest/buildah-bud/apply-podman-deltas4
-rw-r--r--test/e2e/benchmarks_test.go8
-rw-r--r--test/e2e/checkpoint_test.go25
-rw-r--r--test/e2e/containers_conf_test.go3
-rw-r--r--test/e2e/pod_infra_container_test.go16
-rw-r--r--test/e2e/prune_test.go18
-rw-r--r--test/e2e/run_test.go13
-rw-r--r--test/system/010-images.bats7
-rw-r--r--test/system/055-rm.bats7
-rw-r--r--test/system/160-volumes.bats7
-rw-r--r--test/system/200-pod.bats7
-rw-r--r--test/system/500-networking.bats9
-rw-r--r--test/system/520-checkpoint.bats2
50 files changed, 468 insertions, 98 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index c629bcf70..7a488216e 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -843,7 +843,7 @@ meta_task:
container:
cpu: 2
memory: 2
- image: quay.io/libpod/imgts:$IMAGE_SUFFIX
+ image: quay.io/libpod/imgts:latest
env:
# Space-separated list of images used by this repository state
# Disabled ${PRIOR_FEDORA_CACHE_IMAGE_NAME} for Fedora 35
diff --git a/cmd/podman/containers/restore.go b/cmd/podman/containers/restore.go
index 1e4745354..6106f2bed 100644
--- a/cmd/podman/containers/restore.go
+++ b/cmd/podman/containers/restore.go
@@ -93,32 +93,49 @@ func init() {
}
func restore(cmd *cobra.Command, args []string) error {
- var errs utils.OutputErrors
+ var (
+ e error
+ errs utils.OutputErrors
+ )
podmanStart := time.Now()
if rootless.IsRootless() {
return fmt.Errorf("restoring a container requires root")
}
- // Find out if this is an image
- inspectOpts := entities.InspectOptions{}
- imgData, _, err := registry.ImageEngine().Inspect(context.Background(), args, inspectOpts)
- if err != nil {
- return err
+ // Check if the container exists (#15055)
+ exists := &entities.BoolReport{Value: false}
+ for _, ctr := range args {
+ exists, e = registry.ContainerEngine().ContainerExists(registry.GetContext(), ctr, entities.ContainerExistsOptions{})
+ if e != nil {
+ return e
+ }
+ if exists.Value {
+ break
+ }
}
- hostInfo, err := registry.ContainerEngine().Info(context.Background())
- if err != nil {
- return err
- }
+ if !exists.Value {
+ // Find out if this is an image
+ inspectOpts := entities.InspectOptions{}
+ imgData, _, err := registry.ImageEngine().Inspect(context.Background(), args, inspectOpts)
+ if err != nil {
+ return err
+ }
- for i := range imgData {
- restoreOptions.CheckpointImage = true
- checkpointRuntimeName, found := imgData[i].Annotations[define.CheckpointAnnotationRuntimeName]
- if !found {
- return fmt.Errorf("image is not a checkpoint: %s", imgData[i].ID)
+ hostInfo, err := registry.ContainerEngine().Info(context.Background())
+ if err != nil {
+ return err
}
- if hostInfo.Host.OCIRuntime.Name != checkpointRuntimeName {
- return fmt.Errorf("container image \"%s\" requires runtime: \"%s\"", imgData[i].ID, checkpointRuntimeName)
+
+ for i := range imgData {
+ restoreOptions.CheckpointImage = true
+ checkpointRuntimeName, found := imgData[i].Annotations[define.CheckpointAnnotationRuntimeName]
+ if !found {
+ return fmt.Errorf("image is not a checkpoint: %s", imgData[i].ID)
+ }
+ if hostInfo.Host.OCIRuntime.Name != checkpointRuntimeName {
+ return fmt.Errorf("container image \"%s\" requires runtime: \"%s\"", imgData[i].ID, checkpointRuntimeName)
+ }
}
}
diff --git a/cmd/podman/containers/rm.go b/cmd/podman/containers/rm.go
index 9fa688d23..056e32651 100644
--- a/cmd/podman/containers/rm.go
+++ b/cmd/podman/containers/rm.go
@@ -126,6 +126,9 @@ func removeContainers(namesOrIDs []string, rmOptions entities.RmOptions, setExit
var errs utils.OutputErrors
responses, err := registry.ContainerEngine().ContainerRm(context.Background(), namesOrIDs, rmOptions)
if err != nil {
+ if rmOptions.Force && strings.Contains(err.Error(), define.ErrNoSuchCtr.Error()) {
+ return nil
+ }
if setExit {
setExitCode(err)
}
@@ -136,6 +139,9 @@ func removeContainers(namesOrIDs []string, rmOptions entities.RmOptions, setExit
if errors.Is(r.Err, define.ErrWillDeadlock) {
logrus.Errorf("Potential deadlock detected - please run 'podman system renumber' to resolve")
}
+ if rmOptions.Force && strings.Contains(r.Err.Error(), define.ErrNoSuchCtr.Error()) {
+ continue
+ }
if setExit {
setExitCode(r.Err)
}
diff --git a/cmd/podman/images/rm.go b/cmd/podman/images/rm.go
index 18b22e51d..d3fd17440 100644
--- a/cmd/podman/images/rm.go
+++ b/cmd/podman/images/rm.go
@@ -3,11 +3,14 @@ package images
import (
"errors"
"fmt"
+ "strings"
"github.com/containers/podman/v4/cmd/podman/common"
"github.com/containers/podman/v4/cmd/podman/registry"
+ "github.com/containers/podman/v4/cmd/podman/utils"
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/errorhandling"
+ "github.com/containers/storage/types"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
)
@@ -81,8 +84,19 @@ func rm(cmd *cobra.Command, args []string) error {
fmt.Println("Deleted: " + d)
}
}
- registry.SetExitCode(report.ExitCode)
+ for _, err := range rmErrors {
+ if !imageOpts.Force || !strings.Contains(err.Error(), types.ErrImageUnknown.Error()) {
+ registry.SetExitCode(report.ExitCode)
+ }
+ }
}
- return errorhandling.JoinErrors(rmErrors)
+ var errs utils.OutputErrors
+ for _, err := range rmErrors {
+ if imageOpts.Force && strings.Contains(err.Error(), types.ErrImageUnknown.Error()) {
+ continue
+ }
+ errs = append(errs, err)
+ }
+ return errorhandling.JoinErrors(errs)
}
diff --git a/cmd/podman/networks/rm.go b/cmd/podman/networks/rm.go
index c2d3f655f..d734b2867 100644
--- a/cmd/podman/networks/rm.go
+++ b/cmd/podman/networks/rm.go
@@ -63,6 +63,9 @@ func networkRm(cmd *cobra.Command, args []string) error {
}
responses, err := registry.ContainerEngine().NetworkRm(registry.Context(), args, networkRmOptions)
if err != nil {
+ if networkRmOptions.Force && strings.Contains(err.Error(), define.ErrNoSuchNetwork.Error()) {
+ return nil
+ }
setExitCode(err)
return err
}
@@ -70,6 +73,9 @@ func networkRm(cmd *cobra.Command, args []string) error {
if r.Err == nil {
fmt.Println(r.Name)
} else {
+ if networkRmOptions.Force && strings.Contains(r.Err.Error(), define.ErrNoSuchNetwork.Error()) {
+ continue
+ }
setExitCode(r.Err)
errs = append(errs, r.Err)
}
diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go
index aea8a7229..4f1f66ad6 100644
--- a/cmd/podman/pods/create.go
+++ b/cmd/podman/pods/create.go
@@ -134,6 +134,12 @@ func create(cmd *cobra.Command, args []string) error {
imageName = infraImage
}
img := imageName
+
+ if !cmd.Flag("infra").Changed && (share == "none" || share == "") {
+ // we do not want an infra container when not sharing namespaces
+ createOptions.Infra = false
+ }
+
if !createOptions.Infra {
if cmd.Flag("no-hosts").Changed {
return fmt.Errorf("cannot specify --no-hosts without an infra container")
diff --git a/cmd/podman/pods/rm.go b/cmd/podman/pods/rm.go
index 2ffd968f9..0aa64481d 100644
--- a/cmd/podman/pods/rm.go
+++ b/cmd/podman/pods/rm.go
@@ -93,6 +93,9 @@ func removePods(namesOrIDs []string, rmOptions entities.PodRmOptions, printIDs b
responses, err := registry.ContainerEngine().PodRm(context.Background(), namesOrIDs, rmOptions)
if err != nil {
+ if rmOptions.Force && strings.Contains(err.Error(), define.ErrNoSuchPod.Error()) {
+ return nil
+ }
setExitCode(err)
return err
}
@@ -104,13 +107,15 @@ func removePods(namesOrIDs []string, rmOptions entities.PodRmOptions, printIDs b
fmt.Println(r.Id)
}
} else {
+ if rmOptions.Force && strings.Contains(r.Err.Error(), define.ErrNoSuchPod.Error()) {
+ continue
+ }
setExitCode(r.Err)
errs = append(errs, r.Err)
}
}
return errs.PrintErrors()
}
-
func setExitCode(err error) {
if errors.Is(err, define.ErrNoSuchPod) || strings.Contains(err.Error(), define.ErrNoSuchPod.Error()) {
registry.SetExitCode(1)
diff --git a/cmd/podman/volumes/rm.go b/cmd/podman/volumes/rm.go
index c160b8623..1383da279 100644
--- a/cmd/podman/volumes/rm.go
+++ b/cmd/podman/volumes/rm.go
@@ -65,6 +65,9 @@ func rm(cmd *cobra.Command, args []string) error {
}
responses, err := registry.ContainerEngine().VolumeRm(context.Background(), args, rmOptions)
if err != nil {
+ if rmOptions.Force && strings.Contains(err.Error(), define.ErrNoSuchVolume.Error()) {
+ return nil
+ }
setExitCode(err)
return err
}
@@ -72,6 +75,9 @@ func rm(cmd *cobra.Command, args []string) error {
if r.Err == nil {
fmt.Println(r.Id)
} else {
+ if rmOptions.Force && strings.Contains(r.Err.Error(), define.ErrNoSuchVolume.Error()) {
+ continue
+ }
setExitCode(r.Err)
errs = append(errs, r.Err)
}
diff --git a/contrib/pkginstaller/.gitignore b/contrib/pkginstaller/.gitignore
new file mode 100644
index 000000000..5e597ab07
--- /dev/null
+++ b/contrib/pkginstaller/.gitignore
@@ -0,0 +1,6 @@
+out
+Distribution
+welcome.html
+tmp-download
+.vscode
+root
diff --git a/contrib/pkginstaller/Distribution.in b/contrib/pkginstaller/Distribution.in
new file mode 100644
index 000000000..0e0d3843a
--- /dev/null
+++ b/contrib/pkginstaller/Distribution.in
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8" standalone="no"?>
+<installer-script minSpecVersion="1.000000">
+ <title>Podman __VERSION__</title>
+ <background mime-type="image/png" file="banner.png" scaling="proportional"/>
+ <welcome file="welcome.html" mime-type="text/html" />
+ <conclusion file="conclusion.html" mime-type="text/html" />
+ <license file="LICENSE.txt"/>
+ <options customize="never" hostArchitectures="x86_64,arm64" />
+ <domains enable_localSystem="true" />
+ <choices-outline>
+ <line choice="podman"/>
+ </choices-outline>
+ <choice id="podman" title="podman">
+ <pkg-ref id="podman.pkg"/>
+ </choice>
+ <pkg-ref id="podman.pkg">podman.pkg</pkg-ref>
+</installer-script>
diff --git a/contrib/pkginstaller/Makefile b/contrib/pkginstaller/Makefile
new file mode 100644
index 000000000..19c9b51aa
--- /dev/null
+++ b/contrib/pkginstaller/Makefile
@@ -0,0 +1,50 @@
+SHELL := bash
+
+ARCH ?= aarch64
+PODMAN_VERSION ?= 4.1.0
+GVPROXY_VERSION ?= 0.4.0
+QEMU_VERSION ?= 7.0.0-2
+GVPROXY_RELEASE_URL ?= https://github.com/containers/gvisor-tap-vsock/releases/download/v$(GVPROXY_VERSION)/gvproxy-darwin
+QEMU_RELEASE_URL ?= https://github.com/containers/podman-machine-qemu/releases/download/v$(QEMU_VERSION)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz
+PACKAGE_DIR ?= out/packaging
+TMP_DOWNLOAD ?= tmp-download
+PACKAGE_ROOT ?= root
+
+default: pkginstaller
+
+get_gvproxy:
+ mkdir -p $(TMP_DOWNLOAD)
+ cd $(TMP_DOWNLOAD) && curl -sLo gvproxy $(GVPROXY_RELEASE_URL)
+
+get_qemu:
+ mkdir -p $(TMP_DOWNLOAD)
+ cd $(TMP_DOWNLOAD) && curl -sLO $(QEMU_RELEASE_URL)
+
+packagedir: package_root Distribution welcome.html
+ mkdir -p $(PACKAGE_DIR)
+ cp -r Resources $(PACKAGE_DIR)/
+ cp welcome.html $(PACKAGE_DIR)/Resources/
+ cp Distribution $(PACKAGE_DIR)/
+ cp -r scripts $(PACKAGE_DIR)/
+ cp -r $(PACKAGE_ROOT) $(PACKAGE_DIR)/
+ cp package.sh $(PACKAGE_DIR)/
+ cd $(PACKAGE_DIR) && pkgbuild --analyze --root ./root component.plist
+ echo -n $(PODMAN_VERSION) > $(PACKAGE_DIR)/VERSION
+ echo -n $(ARCH) > $(PACKAGE_DIR)/ARCH
+ cp ../../LICENSE $(PACKAGE_DIR)/Resources/LICENSE.txt
+
+package_root: get_gvproxy get_qemu
+ mkdir -p $(PACKAGE_ROOT)/podman/bin $(PACKAGE_ROOT)/podman/qemu
+ tar -C $(PACKAGE_ROOT)/podman/qemu -xf $(TMP_DOWNLOAD)/podman-machine-qemu-$(ARCH)-$(QEMU_VERSION).tar.xz
+ cp $(TMP_DOWNLOAD)/gvproxy $(PACKAGE_ROOT)/podman/bin/
+ chmod a+x $(PACKAGE_ROOT)/podman/bin/*
+
+%: %.in
+ @sed -e 's/__VERSION__/'$(PODMAN_VERSION)'/g' $< >$@
+
+pkginstaller: packagedir
+ cd $(PACKAGE_DIR) && ./package.sh ..
+
+.PHONY: clean
+clean:
+ rm -rf $(TMP_DOWNLOAD) $(PACKAGE_ROOT) $(PACKAGE_DIR) Distribution welcome.html
diff --git a/contrib/pkginstaller/README.md b/contrib/pkginstaller/README.md
new file mode 100644
index 000000000..37c59ce04
--- /dev/null
+++ b/contrib/pkginstaller/README.md
@@ -0,0 +1,22 @@
+## How to build
+
+```sh
+$ make ARCH=<amd64 | aarch64> NO_CODESIGN=1 pkginstaller
+
+# or to create signed pkg
+$ make ARCH=<amd64 | aarch64> CODESIGN_IDENTITY=<ID> PRODUCTSIGN_IDENTITY=<ID> pkginstaller
+```
+
+The generated pkg will be written to `out/podman-macos-installer-*.pkg`.
+Currently the pkg installs `podman`, `qemu`, `gvproxy` and `podman-mac-helper` to `/Applications/podman`
+
+The `qemu` build it uses is from [containers/podman-machine-qemu](https://github.com/containers/podman-machine-qemu)
+
+## Uninstalling
+
+```sh
+$ sudo rm -rf /opt/podman
+```
+
+### Screenshot
+<img width="626" alt="screenshot-macOS-pkg-podman" src="https://user-images.githubusercontent.com/8885742/157380992-2e3b1573-34a0-4aa0-bdc1-a85f4792a1d2.png">
diff --git a/contrib/pkginstaller/Resources/banner.png b/contrib/pkginstaller/Resources/banner.png
new file mode 100644
index 000000000..7db751341
--- /dev/null
+++ b/contrib/pkginstaller/Resources/banner.png
Binary files differ
diff --git a/contrib/pkginstaller/Resources/conclusion.html b/contrib/pkginstaller/Resources/conclusion.html
new file mode 100644
index 000000000..c442e4ebf
--- /dev/null
+++ b/contrib/pkginstaller/Resources/conclusion.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8"/>
+</head>
+<body>
+<div align="left" style="font-family: Helvetica; padding-left: 10px;">
+ <br/>
+ <p style="color: #020202; font-size: 12px;">Thanks for installing Podman!</p>
+ <p style="color: #020202; font-size: 12px;">You can now start using the 'podman' command. First run 'podman machine init'</b>.</p>
+</div>
+</body>
+</html>
diff --git a/contrib/pkginstaller/package.sh b/contrib/pkginstaller/package.sh
new file mode 100755
index 000000000..b7b33954d
--- /dev/null
+++ b/contrib/pkginstaller/package.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+BASEDIR=$(dirname "$0")
+OUTPUT=$1
+CODESIGN_IDENTITY=${CODESIGN_IDENTITY:-mock}
+PRODUCTSIGN_IDENTITY=${PRODUCTSIGN_IDENTITY:-mock}
+NO_CODESIGN=${NO_CODESIGN:-0}
+HELPER_BINARIES_DIR="/opt/podman/qemu/bin"
+
+binDir="${BASEDIR}/root/podman/bin"
+
+function build_podman() {
+ pushd "$1"
+ make podman-remote HELPER_BINARIES_DIR="${HELPER_BINARIES_DIR}"
+ make podman-mac-helper
+ cp bin/darwin/podman "contrib/pkginstaller/out/packaging/${binDir}/podman"
+ cp bin/darwin/podman-mac-helper "contrib/pkginstaller/out/packaging/${binDir}/podman-mac-helper"
+ popd
+}
+
+function sign() {
+ if [ "${NO_CODESIGN}" -eq "1" ]; then
+ return
+ fi
+ local opts=""
+ entitlements="${BASEDIR}/$(basename "$1").entitlements"
+ if [ -f "${entitlements}" ]; then
+ opts="--entitlements ${entitlements}"
+ fi
+ codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --force --timestamp "${opts}" "$1"
+}
+
+version=$(cat "${BASEDIR}/VERSION")
+arch=$(cat "${BASEDIR}/ARCH")
+
+build_podman "../../../../"
+sign "${binDir}/podman"
+sign "${binDir}/gvproxy"
+sign "${binDir}/podman-mac-helper"
+
+pkgbuild --identifier com.redhat.podman --version "${version}" \
+ --scripts "${BASEDIR}/scripts" \
+ --root "${BASEDIR}/root" \
+ --install-location /opt \
+ --component-plist "${BASEDIR}/component.plist" \
+ "${OUTPUT}/podman.pkg"
+
+productbuild --distribution "${BASEDIR}/Distribution" \
+ --resources "${BASEDIR}/Resources" \
+ --package-path "${OUTPUT}" \
+ "${OUTPUT}/podman-unsigned.pkg"
+rm "${OUTPUT}/podman.pkg"
+
+if [ ! "${NO_CODESIGN}" -eq "1" ]; then
+ productsign --timestamp --sign "${PRODUCTSIGN_IDENTITY}" "${OUTPUT}/podman-unsigned.pkg" "${OUTPUT}/podman-installer-macos-${arch}.pkg"
+else
+ mv "${OUTPUT}/podman-unsigned.pkg" "${OUTPUT}/podman-installer-macos-${arch}.pkg"
+fi
diff --git a/contrib/pkginstaller/scripts/postinstall b/contrib/pkginstaller/scripts/postinstall
new file mode 100755
index 000000000..db17eede8
--- /dev/null
+++ b/contrib/pkginstaller/scripts/postinstall
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -e
+
+BZSH_PODMAN_PATH_EXP='PATH="/opt/podman/bin:$PATH"'
+FISH_PODMAN_PATH_EXP='set PATH "/opt/podman/bin $PATH"'
+BASHRC_PATH="$HOME/.bash_profile"
+ZSHENV_PATH="$HOME/.zshenv"
+ZSHRC_PATH="$HOME/.zshrc"
+FSHCFG_PATH="$HOME/.config/fish/config.fish"
+
+# append /Applications/podman/bin to $PATH
+if [ -f "$BASHRC_PATH" ]; then
+ grep -Fxq "$BZSH_PODMAN_PATH_EXP" "$BASHRC_PATH" || echo "$BZSH_PODMAN_PATH_EXP" >> "$BASHRC_PATH"
+fi
+if [ -f "$ZSHENV_PATH" ]; then
+ grep -Fxq "$BZSH_PODMAN_PATH_EXP" "$ZSHENV_PATH" || echo "$BZSH_PODMAN_PATH_EXP" >> "$ZSHENV_PATH"
+fi
+if [ -f "$ZSHRC_PATH" ]; then
+ grep -Fxq "$BZSH_PODMAN_PATH_EXP" "$ZSHRC_PATH" || echo "$BZSH_PODMAN_PATH_EXP" >> "$ZSHRC_PATH"
+fi
+if [ -f "$FSHCFG_PATH" ]; then
+ grep -Fxq "$FISH_PODMAN_PATH_EXP" "$FSHCFG_PATH" || echo "$FISH_PODMAN_PATH_EXP" >> "$FSHCFG_PATH"
+fi
+
+ln -s /opt/podman/bin/podman-mac-helper /opt/podman/qemu/bin/podman-mac-helper
+ln -s /opt/podman/bin/gvproxy /opt/podman/qemu/bin/gvproxy
diff --git a/contrib/pkginstaller/scripts/preinstall b/contrib/pkginstaller/scripts/preinstall
new file mode 100755
index 000000000..a381868fc
--- /dev/null
+++ b/contrib/pkginstaller/scripts/preinstall
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -e
+
+rm -rf /opt/podman
diff --git a/contrib/pkginstaller/welcome.html.in b/contrib/pkginstaller/welcome.html.in
new file mode 100644
index 000000000..b06198716
--- /dev/null
+++ b/contrib/pkginstaller/welcome.html.in
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8"/>
+</head>
+<body>
+<div align="left" style="font-family: Helvetica; padding-left: 10px;">
+ <br/>
+ <p style="color: #020202; font-size: 12px;">This will install <span style="color: #46b9d6; font-size: 12px;">Podman __VERSION__</span>
+ on your computer. You will be guided through the steps necessary to install this software.</p>
+ <br/>
+ <p style="color: #abb0b0; font-size: 12px;">Click <span style="color: #626666">“Continue"</span> to continue the
+ setup</p>
+</div>
+</body>
+</html>
diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md
index 50881a509..fc2ce171e 100644
--- a/docs/source/markdown/podman-generate-systemd.1.md
+++ b/docs/source/markdown/podman-generate-systemd.1.md
@@ -14,6 +14,13 @@ Generating unit files for a pod requires the pod to be created with an infra con
_Note: If you use this command with the remote client, including Mac and Windows (excluding WSL2) machines, you would still have to place the generated units on the remote system. Moreover, please make sure that the XDG_RUNTIME_DIR environment variable is set. If unset, you may set it via `export XDG_RUNTIME_DIR=/run/user/$(id -u)`._
+_Note: The generated `podman run` command contains an `--sdnotify` option with the value taken from the container.
+If the container does not have any explicitly set value or the value is set to __ignore__, the value __conmon__ is used.
+The reason for overriding the default value __container__ is that almost no container workloads send notify messages.
+Systemd would wait for a ready message that never comes, if the value __container__ is used for a container
+that does not send notify messages. The use of the default value might have been unintentional by the user,
+therefore the overridden default value._
+
### Kubernetes Integration
A Kubernetes YAML can be executed in systemd via the `podman-kube@.service` systemd template. The template's argument is the path to the YAML file. Given a `workload.yaml` file in the home directory, it can be executed as follows:
diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md
index 6ed66c599..7b63ac51d 100644
--- a/docs/source/markdown/podman-pod-create.1.md
+++ b/docs/source/markdown/podman-pod-create.1.md
@@ -373,7 +373,7 @@ Note: Labeling can be disabled for all containers by setting label=false in the
#### **--share**=*namespace*
-A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared. The namespaces to choose from are cgroup, ipc, net, pid, uts. If the option is prefixed with a "+" then the namespace is appended to the default list, otherwise it replaces the default list. Defaults matches Kubernetes default (ipc, net, uts)
+A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared and the infra container will not be created unless expiclity specified via **--infra=true**. The namespaces to choose from are cgroup, ipc, net, pid, uts. If the option is prefixed with a "+" then the namespace is appended to the default list, otherwise it replaces the default list. Defaults matches Kubernetes default (ipc, net, uts)
#### **--share-parent**
diff --git a/docs/tutorials/socket_activation.md b/docs/tutorials/socket_activation.md
index 9b4b02b81..f4ad5aefd 100644
--- a/docs/tutorials/socket_activation.md
+++ b/docs/tutorials/socket_activation.md
@@ -19,7 +19,7 @@ The architecture looks like this
``` mermaid
stateDiagram-v2
- [*] --> systemd: client connects
+ [*] --> systemd: first client connects
systemd --> podman: socket inherited via fork/exec
```
@@ -55,6 +55,9 @@ $ export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock
$ docker-compose up
```
+When __docker-compose__ or any other client connects to the UNIX socket `$XDG_RUNTIME_DIR/podman/podman.sock`,
+the service _podman.service_ is started. See its definition in the file _/usr/lib/systemd/user/podman.service_.
+
## Socket activation of containers
Since version 3.4.0 Podman supports socket activation of containers, i.e., passing
@@ -65,7 +68,7 @@ as can be seen in the following diagram:
``` mermaid
stateDiagram-v2
- [*] --> systemd: client connects
+ [*] --> systemd: first client connects
systemd --> podman: socket inherited via fork/exec
state "OCI runtime" as s2
podman --> conmon: socket inherited via double fork/exec
@@ -207,6 +210,18 @@ container then runs with less privileges.
When using rootless Podman, network traffic is normally passed through slirp4netns. This comes with
a performance penalty. Fortunately, communication over the socket-activated socket does not pass through
slirp4netns so it has the same performance characteristics as the normal network on the host.
-Note, there is a delay when the first connection is made because the container needs to
+
+### Starting a socket-activated service
+
+There is a delay when the first connection is made because the container needs to
start up. To minimize this delay, consider passing __--pull=never__ to `podman run` and instead
-pull the container image beforehand.
+pull the container image beforehand. Instead of waiting for the start of the service to be triggered by the
+first client connecting to it, the service can also be explicitly started (`systemctl --user start echo.service`).
+
+### Stopping a socket-activated service
+
+Some services run a command (configured by the systemd directive __ExecStart__) that exits after some time of inactivity.
+Depending on the restart configuration for the service
+(systemd directive [__Restart__](https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=)),
+it may then be stopped. An example of this is _podman.service_ that stops after some time of inactivity.
+The service will be started again when the next client connects to the socket.
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index a9185c3d3..15cfc824e 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -140,6 +140,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
Registry: "docker.io",
Rm: true,
ShmSize: 64 * 1024 * 1024,
+ TLSVerify: true,
}
decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder)
diff --git a/pkg/api/handlers/compat/images_search.go b/pkg/api/handlers/compat/images_search.go
index a6fd3a3a1..2fc95e84e 100644
--- a/pkg/api/handlers/compat/images_search.go
+++ b/pkg/api/handlers/compat/images_search.go
@@ -26,6 +26,7 @@ func SearchImages(w http.ResponseWriter, r *http.Request) {
ListTags bool `json:"listTags"`
}{
// This is where you can override the golang default value for one of fields
+ TLSVerify: true,
}
if err := decoder.Decode(&query, r.URL.Query()); err != nil {
diff --git a/pkg/api/handlers/libpod/images_push.go b/pkg/api/handlers/libpod/images_push.go
index f427dc01b..9ee651f5b 100644
--- a/pkg/api/handlers/libpod/images_push.go
+++ b/pkg/api/handlers/libpod/images_push.go
@@ -32,6 +32,7 @@ func PushImage(w http.ResponseWriter, r *http.Request) {
TLSVerify bool `schema:"tlsVerify"`
Quiet bool `schema:"quiet"`
}{
+ TLSVerify: true,
// #14971: older versions did not sent *any* data, so we need
// to be quiet by default to remain backwards compatible
Quiet: true,
diff --git a/pkg/api/handlers/libpod/manifests.go b/pkg/api/handlers/libpod/manifests.go
index 3235a2972..43c7139d3 100644
--- a/pkg/api/handlers/libpod/manifests.go
+++ b/pkg/api/handlers/libpod/manifests.go
@@ -310,6 +310,7 @@ func ManifestPush(w http.ResponseWriter, r *http.Request) {
TLSVerify bool `schema:"tlsVerify"`
}{
// Add defaults here once needed.
+ TLSVerify: true,
}
if err := decoder.Decode(&query, r.URL.Query()); err != nil {
utils.Error(w, http.StatusBadRequest,
diff --git a/pkg/api/server/register_images.go b/pkg/api/server/register_images.go
index 11ab8cae0..1bfedd77e 100644
--- a/pkg/api/server/register_images.go
+++ b/pkg/api/server/register_images.go
@@ -192,8 +192,8 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error {
// - in: query
// name: tlsVerify
// type: boolean
- // default: false
- // description: skip TLS verification for registries
+ // default: true
+ // description: Require HTTPS and verify signatures when contacting registries.
// - in: query
// name: listTags
// type: boolean
@@ -1120,8 +1120,8 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error {
// - in: query
// name: tlsVerify
// type: boolean
- // default: false
- // description: skip TLS verification for registries
+ // default: true
+ // description: Require HTTPS and verify signatures when contacting registries.
// - in: query
// name: listTags
// type: boolean
diff --git a/pkg/api/server/register_manifest.go b/pkg/api/server/register_manifest.go
index 4fadb92fd..19b507047 100644
--- a/pkg/api/server/register_manifest.go
+++ b/pkg/api/server/register_manifest.go
@@ -69,12 +69,12 @@ func (s *APIServer) registerManifestHandlers(r *mux.Router) error {
// name: all
// description: push all images
// type: boolean
- // default: false
+ // default: true
// - in: query
// name: tlsVerify
// type: boolean
- // default: false
- // description: skip TLS verification for registries
+ // default: true
+ // description: Require HTTPS and verify signatures when contacting registries.
// responses:
// 200:
// schema:
@@ -195,8 +195,8 @@ func (s *APIServer) registerManifestHandlers(r *mux.Router) error {
// - in: query
// name: tlsVerify
// type: boolean
- // default: false
- // description: skip TLS verification for registries
+ // default: true
+ // description: Require HTTPS and verify signatures when contacting registries.
// - in: body
// name: options
// description: options for mutating a manifest
diff --git a/pkg/bindings/test/images_test.go b/pkg/bindings/test/images_test.go
index a005be6ac..8f76ce456 100644
--- a/pkg/bindings/test/images_test.go
+++ b/pkg/bindings/test/images_test.go
@@ -120,8 +120,6 @@ var _ = Describe("Podman images", func() {
// deleting hence image cannot be deleted until the container is deleted.
_, errs = images.Remove(bt.conn, []string{alpine.shortName}, nil)
code, _ = bindings.CheckResponseCode(errs[0])
- // FIXME FIXME FIXME: #12441: another invalid error
- // FIXME FIXME FIXME: this time msg="Image used by SHA: ..."
Expect(code).To(BeNumerically("==", -1))
// Removing the image "alpine" where force = true
diff --git a/pkg/domain/filters/containers.go b/pkg/domain/filters/containers.go
index f88a165e7..de62b6582 100644
--- a/pkg/domain/filters/containers.go
+++ b/pkg/domain/filters/containers.go
@@ -7,6 +7,7 @@ import (
"strings"
"time"
+ "github.com/containers/common/pkg/filters"
cutil "github.com/containers/common/pkg/util"
"github.com/containers/podman/v4/libpod"
"github.com/containers/podman/v4/libpod/define"
@@ -24,7 +25,7 @@ func GenerateContainerFilterFuncs(filter string, filterValues []string, r *libpo
case "label":
// we have to match that all given labels exits on that container
return func(c *libpod.Container) bool {
- return util.MatchLabelFilters(filterValues, c.Labels())
+ return filters.MatchLabelFilters(filterValues, c.Labels())
}, nil
case "name":
// we only have to match one name
@@ -299,7 +300,11 @@ func GeneratePruneContainerFilterFuncs(filter string, filterValues []string, r *
switch filter {
case "label":
return func(c *libpod.Container) bool {
- return util.MatchLabelFilters(filterValues, c.Labels())
+ return filters.MatchLabelFilters(filterValues, c.Labels())
+ }, nil
+ case "label!":
+ return func(c *libpod.Container) bool {
+ return !filters.MatchLabelFilters(filterValues, c.Labels())
}, nil
case "until":
return prepareUntilFilterFunc(filterValues)
diff --git a/pkg/domain/filters/pods.go b/pkg/domain/filters/pods.go
index 78b97db64..7b0944292 100644
--- a/pkg/domain/filters/pods.go
+++ b/pkg/domain/filters/pods.go
@@ -6,6 +6,7 @@ import (
"strconv"
"strings"
+ "github.com/containers/common/pkg/filters"
cutil "github.com/containers/common/pkg/util"
"github.com/containers/podman/v4/libpod"
"github.com/containers/podman/v4/libpod/define"
@@ -115,7 +116,7 @@ func GeneratePodFilterFunc(filter string, filterValues []string, r *libpod.Runti
case "label":
return func(p *libpod.Pod) bool {
labels := p.Labels()
- return util.MatchLabelFilters(filterValues, labels)
+ return filters.MatchLabelFilters(filterValues, labels)
}, nil
case "until":
return func(p *libpod.Pod) bool {
diff --git a/pkg/domain/filters/volumes.go b/pkg/domain/filters/volumes.go
index 7c5047225..9cec39fbb 100644
--- a/pkg/domain/filters/volumes.go
+++ b/pkg/domain/filters/volumes.go
@@ -6,6 +6,7 @@ import (
"regexp"
"strings"
+ pruneFilters "github.com/containers/common/pkg/filters"
"github.com/containers/podman/v4/libpod"
"github.com/containers/podman/v4/pkg/util"
)
@@ -36,7 +37,7 @@ func GenerateVolumeFilters(filters url.Values) ([]libpod.VolumeFilter, error) {
case "label":
filter := val
vf = append(vf, func(v *libpod.Volume) bool {
- return util.MatchLabelFilters([]string{filter}, v.Labels())
+ return pruneFilters.MatchLabelFilters([]string{filter}, v.Labels())
})
case "opt":
filterArray := strings.SplitN(val, "=", 2)
@@ -100,7 +101,7 @@ func GeneratePruneVolumeFilters(filters url.Values) ([]libpod.VolumeFilter, erro
switch filter {
case "label":
vf = append(vf, func(v *libpod.Volume) bool {
- return util.MatchLabelFilters([]string{filterVal}, v.Labels())
+ return pruneFilters.MatchLabelFilters([]string{filterVal}, v.Labels())
})
case "until":
f, err := createUntilFilterVolumeFunction(filterVal)
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index dd7053a23..ab742fb35 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -260,6 +260,7 @@ func (ic *ContainerEngine) ContainerPrune(ctx context.Context, options entities.
if err != nil {
return nil, err
}
+
filterFuncs = append(filterFuncs, generatedFunc)
}
return ic.Libpod.PruneContainers(filterFuncs)
diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
index 3b57455c4..7974c261e 100644
--- a/pkg/machine/qemu/machine.go
+++ b/pkg/machine/qemu/machine.go
@@ -670,11 +670,11 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
// because / is immutable, we have to monkey around with permissions
// if we dont mount in /home or /mnt
args := []string{"-q", "--"}
- if !strings.HasPrefix(mount.Target, "/home") || !strings.HasPrefix(mount.Target, "/mnt") {
+ if !strings.HasPrefix(mount.Target, "/home") && !strings.HasPrefix(mount.Target, "/mnt") {
args = append(args, "sudo", "chattr", "-i", "/", ";")
}
args = append(args, "sudo", "mkdir", "-p", mount.Target)
- if !strings.HasPrefix(mount.Target, "/home") || !strings.HasPrefix(mount.Target, "/mnt") {
+ if !strings.HasPrefix(mount.Target, "/home") && !strings.HasPrefix(mount.Target, "/mnt") {
args = append(args, ";", "sudo", "chattr", "+i", "/", ";")
}
err = v.SSH(name, machine.SSHOptions{Args: args})
diff --git a/pkg/util/filters.go b/pkg/util/filters.go
index 08148806f..104b9c3c2 100644
--- a/pkg/util/filters.go
+++ b/pkg/util/filters.go
@@ -5,7 +5,6 @@ import (
"errors"
"fmt"
"net/http"
- "path/filepath"
"strings"
"time"
@@ -94,35 +93,3 @@ func PrepareFilters(r *http.Request) (*map[string][]string, error) {
}
return &filterMap, nil
}
-
-func matchPattern(pattern string, value string) bool {
- if strings.Contains(pattern, "*") {
- filter := fmt.Sprintf("*%s*", pattern)
- filter = strings.ReplaceAll(filter, string(filepath.Separator), "|")
- newName := strings.ReplaceAll(value, string(filepath.Separator), "|")
- match, _ := filepath.Match(filter, newName)
- return match
- }
- return false
-}
-
-// MatchLabelFilters matches labels and returns true if they are valid
-func MatchLabelFilters(filterValues []string, labels map[string]string) bool {
-outer:
- for _, filterValue := range filterValues {
- filterArray := strings.SplitN(filterValue, "=", 2)
- filterKey := filterArray[0]
- if len(filterArray) > 1 {
- filterValue = filterArray[1]
- } else {
- filterValue = ""
- }
- for labelKey, labelValue := range labels {
- if ((labelKey == filterKey) || matchPattern(filterKey, labelKey)) && (filterValue == "" || labelValue == filterValue) {
- continue outer
- }
- }
- return false
- }
- return true
-}
diff --git a/pkg/util/filters_test.go b/pkg/util/filters_test.go
index 47259013e..8e45ea61c 100644
--- a/pkg/util/filters_test.go
+++ b/pkg/util/filters_test.go
@@ -2,6 +2,8 @@ package util
import (
"testing"
+
+ "github.com/containers/common/pkg/filters"
)
func TestMatchLabelFilters(t *testing.T) {
@@ -71,7 +73,7 @@ func TestMatchLabelFilters(t *testing.T) {
for _, tt := range tests {
tt := tt
t.Run(tt.name, func(t *testing.T) {
- if got := MatchLabelFilters(tt.args.filterValues, tt.args.labels); got != tt.want {
+ if got := filters.MatchLabelFilters(tt.args.filterValues, tt.args.labels); got != tt.want {
t.Errorf("MatchLabelFilters() = %v, want %v", got, tt.want)
}
})
diff --git a/test/apiv2/12-imagesMore.at b/test/apiv2/12-imagesMore.at
index d4b09174f..498d67569 100644
--- a/test/apiv2/12-imagesMore.at
+++ b/test/apiv2/12-imagesMore.at
@@ -28,7 +28,10 @@ t GET libpod/images/$IMAGE/json 200 \
.RepoTags[1]=localhost:$REGISTRY_PORT/myrepo:mytag
# Push to local registry...
-t POST "images/localhost:$REGISTRY_PORT/myrepo/push?tlsVerify=false&tag=mytag" 200
+t POST "images/localhost:$REGISTRY_PORT/myrepo/push?tag=mytag" 200 \
+ .error~".*x509: certificate signed by unknown authority"
+t POST "images/localhost:$REGISTRY_PORT/myrepo/push?tlsVerify=false&tag=mytag" 200 \
+ .error~null
# ...and check output. We can't use our built-in checks because this output
# is a sequence of JSON objects, i.e., individual ones, not in a JSON array.
diff --git a/test/apiv2/15-manifest.at b/test/apiv2/15-manifest.at
index 970bed5a8..6584ea8e4 100644
--- a/test/apiv2/15-manifest.at
+++ b/test/apiv2/15-manifest.at
@@ -31,6 +31,8 @@ t POST /v3.4.0/libpod/manifests/$id_abc/add images="[\"containers-storage:$id_ab
t PUT /v4.0.0/libpod/manifests/$id_xyz operation='update' images="[\"containers-storage:$id_xyz_image\"]" 200
t POST "/v3.4.0/libpod/manifests/abc:latest/push?destination=localhost:$REGISTRY_PORT%2Fabc:latest&tlsVerify=false&all=true" 200
+t POST "/v4.0.0/libpod/manifests/xyz:latest/registry/localhost:$REGISTRY_PORT%2Fxyz:latest?all=true" 400 \
+ .cause='x509: certificate signed by unknown authority'
t POST "/v4.0.0/libpod/manifests/xyz:latest/registry/localhost:$REGISTRY_PORT%2Fxyz:latest?tlsVerify=false&all=true" 200
# /v3.x cannot delete a manifest list
diff --git a/test/buildah-bud/apply-podman-deltas b/test/buildah-bud/apply-podman-deltas
index d6d539fa4..6578afc93 100755
--- a/test/buildah-bud/apply-podman-deltas
+++ b/test/buildah-bud/apply-podman-deltas
@@ -163,7 +163,7 @@ skip "does not work under podman" \
# which we could and perhaps should fix in the buildah repo via:
# - ... ${TESTSDIR}/bud/layers-squash/Dockerfile.hardlinks
# + ... -f Dockerfile.hardlinks ${TESTSDIR}/bud/layers-squash
-skip "FIXME FIXME FIXME: argument-order incompatible with podman" \
+skip "argument-order incompatible with podman" \
"bud-squash-hardlinks"
# Fails with "Error: context must be a directory: /path/to/Dockerfile"
@@ -231,7 +231,7 @@ skip_if_remote "FIXME FIXME FIXME: does this test make sense in remote?" \
###############################################################################
# BEGIN tests which are skipped due to actual podman or podman-remote bugs.
-skip_if_remote "Podman #12838: different error messages" \
+skip_if_remote "different error messages between podman & podman-remote" \
"bud with .dockerignore #2"
# These two tests, new in 2022-01, invoke podman (create, export) in ways
diff --git a/test/e2e/benchmarks_test.go b/test/e2e/benchmarks_test.go
index fe045b97a..4be048de2 100644
--- a/test/e2e/benchmarks_test.go
+++ b/test/e2e/benchmarks_test.go
@@ -240,7 +240,7 @@ var _ = Describe("Podman Benchmark Suite", func() {
// --------------------------------------------------------------------------
newBenchmark("podman create", func() {
- session := podmanTest.Podman([]string{"run", ALPINE, "true"})
+ session := podmanTest.Podman([]string{"create", ALPINE, "true"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
}, nil)
@@ -262,5 +262,11 @@ var _ = Describe("Podman Benchmark Suite", func() {
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
}, nil)
+
+ newBenchmark("podman run --detach", func() {
+ session := podmanTest.Podman([]string{"run", "--detach", ALPINE, "true"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ }, nil)
})
})
diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go
index a4646b6d1..8f5e1a0b6 100644
--- a/test/e2e/checkpoint_test.go
+++ b/test/e2e/checkpoint_test.go
@@ -223,6 +223,26 @@ var _ = Describe("Podman checkpoint", func() {
Expect(result).Should(Exit(0))
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1))
Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up"))
+
+ // Restore a container which name is equal to a image name (#15055)
+ localRunString = getRunString([]string{"--name", "alpine", "quay.io/libpod/alpine:latest", "top"})
+ session = podmanTest.Podman(localRunString)
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ result = podmanTest.Podman([]string{"container", "checkpoint", "alpine"})
+ result.WaitWithDefaultTimeout()
+
+ Expect(result).Should(Exit(0))
+ Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1))
+ Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited"))
+
+ result = podmanTest.Podman([]string{"container", "restore", "alpine"})
+ result.WaitWithDefaultTimeout()
+
+ Expect(result).Should(Exit(0))
+ Expect(podmanTest.NumberOfContainersRunning()).To(Equal(2))
+ Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up"))
})
It("podman pause a checkpointed container by id", func() {
@@ -1457,11 +1477,6 @@ var _ = Describe("Podman checkpoint", func() {
})
It("podman checkpoint and restore container with --file-locks", func() {
- if !strings.Contains(podmanTest.OCIRuntime, "runc") {
- // TODO: Enable test for crun when this feature has been released
- // https://github.com/containers/crun/pull/783
- Skip("FIXME: requires crun >= 1.4")
- }
localRunString := getRunString([]string{"--name", "test_name", ALPINE, "flock", "test.lock", "sleep", "100"})
session := podmanTest.Podman(localRunString)
session.WaitWithDefaultTimeout()
diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go
index 819efa628..41e78ce0e 100644
--- a/test/e2e/containers_conf_test.go
+++ b/test/e2e/containers_conf_test.go
@@ -535,7 +535,8 @@ var _ = Describe("Verify podman containers.conf usage", func() {
It("podman containers.conf cgroups=disabled", func() {
if !strings.Contains(podmanTest.OCIRuntime, "crun") {
- Skip("FIXME: requires crun")
+ // Assume this will never be fixed in runc
+ Skip("NoCgroups requires crun")
}
conffile := filepath.Join(podmanTest.TempDir, "container.conf")
diff --git a/test/e2e/pod_infra_container_test.go b/test/e2e/pod_infra_container_test.go
index a2e090524..b53630156 100644
--- a/test/e2e/pod_infra_container_test.go
+++ b/test/e2e/pod_infra_container_test.go
@@ -435,4 +435,20 @@ var _ = Describe("Podman pod create", func() {
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(ContainSubstring(hostname))
})
+
+ tests := []string{"", "none"}
+ for _, test := range tests {
+ test := test
+ It("podman pod create --share="+test+" should not create an infra ctr", func() {
+ session := podmanTest.Podman([]string{"pod", "create", "--share", test})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"pod", "inspect", "--format", "{{.NumContainers}}", session.OutputToString()})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).Should((Equal("0")))
+ })
+ }
+
})
diff --git a/test/e2e/prune_test.go b/test/e2e/prune_test.go
index 89cc65540..0b1d68aea 100644
--- a/test/e2e/prune_test.go
+++ b/test/e2e/prune_test.go
@@ -280,6 +280,24 @@ var _ = Describe("Podman prune", func() {
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.OutputToStringArray()).To(HaveLen(0))
+
+ // Create new network.
+ session = podmanTest.Podman([]string{"network", "create", "test1", "--label", "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ // Remove all unused networks.
+ session = podmanTest.Podman([]string{"system", "prune", "-f", "--filter", "label!=foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).Should(Equal("Total reclaimed space: 0B"))
+
+ // Unused networks removed.
+ session = podmanTest.Podman([]string{"network", "ls", "-q", "--filter", "name=^test1$"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ // label should make sure we do not remove this network
+ Expect(session.OutputToStringArray()).To(HaveLen(1))
})
It("podman system prune - pod,container stopped", func() {
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index c6c8534ad..c7a0b3f2b 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -715,8 +715,7 @@ USER bin`, BB)
})
It("podman run device-read-bps test", func() {
- SkipIfRootless("FIXME: requested cgroup controller `io` is not available")
- SkipIfRootlessCgroupsV1("Setting device-read-bps not supported on cgroupv1 for rootless users")
+ SkipIfRootless("Setting device-read-bps not supported for rootless users")
var session *PodmanSessionIntegration
@@ -734,8 +733,7 @@ USER bin`, BB)
})
It("podman run device-write-bps test", func() {
- SkipIfRootless("FIXME: requested cgroup controller `io` is not available")
- SkipIfRootlessCgroupsV1("Setting device-write-bps not supported on cgroupv1 for rootless users")
+ SkipIfRootless("Setting device-write-bps not supported for rootless users")
var session *PodmanSessionIntegration
@@ -752,8 +750,7 @@ USER bin`, BB)
})
It("podman run device-read-iops test", func() {
- SkipIfRootless("FIXME: requested cgroup controller `io` is not available")
- SkipIfRootlessCgroupsV1("Setting device-read-iops not supported on cgroupv1 for rootless users")
+ SkipIfRootless("Setting device-read-iops not supported for rootless users")
var session *PodmanSessionIntegration
if CGROUPSV2 {
@@ -770,8 +767,7 @@ USER bin`, BB)
})
It("podman run device-write-iops test", func() {
- SkipIfRootless("FIXME: requested cgroup controller `io` is not available")
- SkipIfRootlessCgroupsV1("Setting device-write-iops not supported on cgroupv1 for rootless users")
+ SkipIfRootless("Setting device-write-iops not supported for rootless users")
var session *PodmanSessionIntegration
if CGROUPSV2 {
@@ -1239,6 +1235,7 @@ USER mail`, BB)
})
It("podman run --mount type=bind,bind-nonrecursive", func() {
+ // crun: mount `/` to `/host`: Invalid argument
SkipIfRootless("FIXME: rootless users are not allowed to mount bind-nonrecursive (Could this be a Kernel bug?")
session := podmanTest.Podman([]string{"run", "--mount", "type=bind,bind-nonrecursive,slave,src=/,target=/host", fedoraMinimal, "findmnt", "-nR", "/host"})
session.WaitWithDefaultTimeout()
diff --git a/test/system/010-images.bats b/test/system/010-images.bats
index 638910302..aa390f236 100644
--- a/test/system/010-images.bats
+++ b/test/system/010-images.bats
@@ -317,4 +317,11 @@ Deleted: $pauseID"
is "$output" ""
}
+@test "podman image rm --force bogus" {
+ run_podman 1 image rm bogus
+ is "$output" "Error: bogus: image not known" "Should print error"
+ run_podman image rm --force bogus
+ is "$output" "" "Should print no output"
+}
+
# vim: filetype=sh
diff --git a/test/system/055-rm.bats b/test/system/055-rm.bats
index 0ef2216b8..dcd679a1f 100644
--- a/test/system/055-rm.bats
+++ b/test/system/055-rm.bats
@@ -96,4 +96,11 @@ load helpers
run_podman 137 run --name $rand $IMAGE sleep 30
}
+@test "podman container rm --force bogus" {
+ run_podman 1 container rm bogus
+ is "$output" "Error: no container with name or ID \"bogus\" found: no such container" "Should print error"
+ run_podman container rm --force bogus
+ is "$output" "" "Should print no output"
+}
+
# vim: filetype=sh
diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats
index 18e806699..6829c6a78 100644
--- a/test/system/160-volumes.bats
+++ b/test/system/160-volumes.bats
@@ -473,4 +473,11 @@ EOF
run_podman image rm --force localhost/volume_image
}
+@test "podman volume rm --force bogus" {
+ run_podman 1 volume rm bogus
+ is "$output" "Error: no volume with name \"bogus\" found: no such volume" "Should print error"
+ run_podman volume rm --force bogus
+ is "$output" "" "Should print no output"
+}
+
# vim: filetype=sh
diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats
index 667e2baef..da2f7cd59 100644
--- a/test/system/200-pod.bats
+++ b/test/system/200-pod.bats
@@ -547,4 +547,11 @@ io.max | $lomajmin rbps=1048576 wbps=1048576 riops=max wiops=max
wait
}
+@test "podman pod rm --force bogus" {
+ run_podman 1 pod rm bogus
+ is "$output" "Error: .*bogus.*: no such pod" "Should print error"
+ run_podman pod rm --force bogus
+ is "$output" "" "Should print no output"
+}
+
# vim: filetype=sh
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index f45540f5f..b9a173c2a 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -260,7 +260,7 @@ load helpers
run_podman rm -t 0 -f $cid
run_podman network rm $mynetname
- run_podman 1 network rm -f $mynetname
+ run_podman 1 network rm $mynetname
}
@test "podman network reload" {
@@ -760,4 +760,11 @@ EOF
done
}
+@test "podman network rm --force bogus" {
+ run_podman 1 network rm bogus
+ is "$output" "Error: unable to find network with name or ID bogus: network not found" "Should print error"
+ run_podman network rm --force bogus
+ is "$output" "" "Should print no output"
+}
+
# vim: filetype=sh
diff --git a/test/system/520-checkpoint.bats b/test/system/520-checkpoint.bats
index 7f60f01b3..7c8fc143a 100644
--- a/test/system/520-checkpoint.bats
+++ b/test/system/520-checkpoint.bats
@@ -12,7 +12,7 @@ function setup() {
# could run to see if it's fixed, but it's way too complicated. Since
# integration tests also skip checkpoint tests on Ubuntu, do the same here.
if is_ubuntu; then
- skip "FIXME: checkpointing broken in Ubuntu 2004, 2104, 2110, ..."
+ skip "FIXME: checkpointing broken in Ubuntu 2004, 2104, 2110, 2204, ..."
fi
# None of these tests work rootless....