diff options
| -rw-r--r-- | pkg/api/handlers/compat/images_build.go | 1 | ||||
| -rw-r--r-- | pkg/api/handlers/compat/images_search.go | 1 | ||||
| -rw-r--r-- | pkg/api/handlers/libpod/images_push.go | 1 | ||||
| -rw-r--r-- | pkg/api/handlers/libpod/manifests.go | 1 | ||||
| -rw-r--r-- | pkg/api/server/register_images.go | 8 | ||||
| -rw-r--r-- | pkg/api/server/register_manifest.go | 10 | ||||
| -rw-r--r-- | pkg/bindings/test/images_test.go | 2 | ||||
| -rw-r--r-- | pkg/machine/qemu/machine.go | 4 | ||||
| -rw-r--r-- | test/apiv2/12-imagesMore.at | 5 | ||||
| -rw-r--r-- | test/apiv2/15-manifest.at | 2 | ||||
| -rwxr-xr-x | test/buildah-bud/apply-podman-deltas | 4 | ||||
| -rw-r--r-- | test/e2e/benchmarks_test.go | 8 | ||||
| -rw-r--r-- | test/e2e/checkpoint_test.go | 5 | ||||
| -rw-r--r-- | test/e2e/containers_conf_test.go | 3 | ||||
| -rw-r--r-- | test/e2e/run_test.go | 13 | ||||
| -rw-r--r-- | test/system/520-checkpoint.bats | 2 |
16 files changed, 38 insertions, 32 deletions
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index a9185c3d3..15cfc824e 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -140,6 +140,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { Registry: "docker.io", Rm: true, ShmSize: 64 * 1024 * 1024, + TLSVerify: true, } decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder) diff --git a/pkg/api/handlers/compat/images_search.go b/pkg/api/handlers/compat/images_search.go index a6fd3a3a1..2fc95e84e 100644 --- a/pkg/api/handlers/compat/images_search.go +++ b/pkg/api/handlers/compat/images_search.go @@ -26,6 +26,7 @@ func SearchImages(w http.ResponseWriter, r *http.Request) { ListTags bool `json:"listTags"` }{ // This is where you can override the golang default value for one of fields + TLSVerify: true, } if err := decoder.Decode(&query, r.URL.Query()); err != nil { diff --git a/pkg/api/handlers/libpod/images_push.go b/pkg/api/handlers/libpod/images_push.go index f427dc01b..9ee651f5b 100644 --- a/pkg/api/handlers/libpod/images_push.go +++ b/pkg/api/handlers/libpod/images_push.go @@ -32,6 +32,7 @@ func PushImage(w http.ResponseWriter, r *http.Request) { TLSVerify bool `schema:"tlsVerify"` Quiet bool `schema:"quiet"` }{ + TLSVerify: true, // #14971: older versions did not sent *any* data, so we need // to be quiet by default to remain backwards compatible Quiet: true, diff --git a/pkg/api/handlers/libpod/manifests.go b/pkg/api/handlers/libpod/manifests.go index 3235a2972..43c7139d3 100644 --- a/pkg/api/handlers/libpod/manifests.go +++ b/pkg/api/handlers/libpod/manifests.go @@ -310,6 +310,7 @@ func ManifestPush(w http.ResponseWriter, r *http.Request) { TLSVerify bool `schema:"tlsVerify"` }{ // Add defaults here once needed. + TLSVerify: true, } if err := decoder.Decode(&query, r.URL.Query()); err != nil { utils.Error(w, http.StatusBadRequest, diff --git a/pkg/api/server/register_images.go b/pkg/api/server/register_images.go index 11ab8cae0..1bfedd77e 100644 --- a/pkg/api/server/register_images.go +++ b/pkg/api/server/register_images.go @@ -192,8 +192,8 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error { // - in: query // name: tlsVerify // type: boolean - // default: false - // description: skip TLS verification for registries + // default: true + // description: Require HTTPS and verify signatures when contacting registries. // - in: query // name: listTags // type: boolean @@ -1120,8 +1120,8 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error { // - in: query // name: tlsVerify // type: boolean - // default: false - // description: skip TLS verification for registries + // default: true + // description: Require HTTPS and verify signatures when contacting registries. // - in: query // name: listTags // type: boolean diff --git a/pkg/api/server/register_manifest.go b/pkg/api/server/register_manifest.go index 4fadb92fd..19b507047 100644 --- a/pkg/api/server/register_manifest.go +++ b/pkg/api/server/register_manifest.go @@ -69,12 +69,12 @@ func (s *APIServer) registerManifestHandlers(r *mux.Router) error { // name: all // description: push all images // type: boolean - // default: false + // default: true // - in: query // name: tlsVerify // type: boolean - // default: false - // description: skip TLS verification for registries + // default: true + // description: Require HTTPS and verify signatures when contacting registries. // responses: // 200: // schema: @@ -195,8 +195,8 @@ func (s *APIServer) registerManifestHandlers(r *mux.Router) error { // - in: query // name: tlsVerify // type: boolean - // default: false - // description: skip TLS verification for registries + // default: true + // description: Require HTTPS and verify signatures when contacting registries. // - in: body // name: options // description: options for mutating a manifest diff --git a/pkg/bindings/test/images_test.go b/pkg/bindings/test/images_test.go index a005be6ac..8f76ce456 100644 --- a/pkg/bindings/test/images_test.go +++ b/pkg/bindings/test/images_test.go @@ -120,8 +120,6 @@ var _ = Describe("Podman images", func() { // deleting hence image cannot be deleted until the container is deleted. _, errs = images.Remove(bt.conn, []string{alpine.shortName}, nil) code, _ = bindings.CheckResponseCode(errs[0]) - // FIXME FIXME FIXME: #12441: another invalid error - // FIXME FIXME FIXME: this time msg="Image used by SHA: ..." Expect(code).To(BeNumerically("==", -1)) // Removing the image "alpine" where force = true diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index 3b57455c4..7974c261e 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -670,11 +670,11 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error { // because / is immutable, we have to monkey around with permissions // if we dont mount in /home or /mnt args := []string{"-q", "--"} - if !strings.HasPrefix(mount.Target, "/home") || !strings.HasPrefix(mount.Target, "/mnt") { + if !strings.HasPrefix(mount.Target, "/home") && !strings.HasPrefix(mount.Target, "/mnt") { args = append(args, "sudo", "chattr", "-i", "/", ";") } args = append(args, "sudo", "mkdir", "-p", mount.Target) - if !strings.HasPrefix(mount.Target, "/home") || !strings.HasPrefix(mount.Target, "/mnt") { + if !strings.HasPrefix(mount.Target, "/home") && !strings.HasPrefix(mount.Target, "/mnt") { args = append(args, ";", "sudo", "chattr", "+i", "/", ";") } err = v.SSH(name, machine.SSHOptions{Args: args}) diff --git a/test/apiv2/12-imagesMore.at b/test/apiv2/12-imagesMore.at index d4b09174f..498d67569 100644 --- a/test/apiv2/12-imagesMore.at +++ b/test/apiv2/12-imagesMore.at @@ -28,7 +28,10 @@ t GET libpod/images/$IMAGE/json 200 \ .RepoTags[1]=localhost:$REGISTRY_PORT/myrepo:mytag # Push to local registry... -t POST "images/localhost:$REGISTRY_PORT/myrepo/push?tlsVerify=false&tag=mytag" 200 +t POST "images/localhost:$REGISTRY_PORT/myrepo/push?tag=mytag" 200 \ + .error~".*x509: certificate signed by unknown authority" +t POST "images/localhost:$REGISTRY_PORT/myrepo/push?tlsVerify=false&tag=mytag" 200 \ + .error~null # ...and check output. We can't use our built-in checks because this output # is a sequence of JSON objects, i.e., individual ones, not in a JSON array. diff --git a/test/apiv2/15-manifest.at b/test/apiv2/15-manifest.at index 970bed5a8..6584ea8e4 100644 --- a/test/apiv2/15-manifest.at +++ b/test/apiv2/15-manifest.at @@ -31,6 +31,8 @@ t POST /v3.4.0/libpod/manifests/$id_abc/add images="[\"containers-storage:$id_ab t PUT /v4.0.0/libpod/manifests/$id_xyz operation='update' images="[\"containers-storage:$id_xyz_image\"]" 200 t POST "/v3.4.0/libpod/manifests/abc:latest/push?destination=localhost:$REGISTRY_PORT%2Fabc:latest&tlsVerify=false&all=true" 200 +t POST "/v4.0.0/libpod/manifests/xyz:latest/registry/localhost:$REGISTRY_PORT%2Fxyz:latest?all=true" 400 \ + .cause='x509: certificate signed by unknown authority' t POST "/v4.0.0/libpod/manifests/xyz:latest/registry/localhost:$REGISTRY_PORT%2Fxyz:latest?tlsVerify=false&all=true" 200 # /v3.x cannot delete a manifest list diff --git a/test/buildah-bud/apply-podman-deltas b/test/buildah-bud/apply-podman-deltas index d6d539fa4..6578afc93 100755 --- a/test/buildah-bud/apply-podman-deltas +++ b/test/buildah-bud/apply-podman-deltas @@ -163,7 +163,7 @@ skip "does not work under podman" \ # which we could and perhaps should fix in the buildah repo via: # - ... ${TESTSDIR}/bud/layers-squash/Dockerfile.hardlinks # + ... -f Dockerfile.hardlinks ${TESTSDIR}/bud/layers-squash -skip "FIXME FIXME FIXME: argument-order incompatible with podman" \ +skip "argument-order incompatible with podman" \ "bud-squash-hardlinks" # Fails with "Error: context must be a directory: /path/to/Dockerfile" @@ -231,7 +231,7 @@ skip_if_remote "FIXME FIXME FIXME: does this test make sense in remote?" \ ############################################################################### # BEGIN tests which are skipped due to actual podman or podman-remote bugs. -skip_if_remote "Podman #12838: different error messages" \ +skip_if_remote "different error messages between podman & podman-remote" \ "bud with .dockerignore #2" # These two tests, new in 2022-01, invoke podman (create, export) in ways diff --git a/test/e2e/benchmarks_test.go b/test/e2e/benchmarks_test.go index fe045b97a..4be048de2 100644 --- a/test/e2e/benchmarks_test.go +++ b/test/e2e/benchmarks_test.go @@ -240,7 +240,7 @@ var _ = Describe("Podman Benchmark Suite", func() { // -------------------------------------------------------------------------- newBenchmark("podman create", func() { - session := podmanTest.Podman([]string{"run", ALPINE, "true"}) + session := podmanTest.Podman([]string{"create", ALPINE, "true"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) }, nil) @@ -262,5 +262,11 @@ var _ = Describe("Podman Benchmark Suite", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) }, nil) + + newBenchmark("podman run --detach", func() { + session := podmanTest.Podman([]string{"run", "--detach", ALPINE, "true"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + }, nil) }) }) diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go index a4646b6d1..d1771f336 100644 --- a/test/e2e/checkpoint_test.go +++ b/test/e2e/checkpoint_test.go @@ -1457,11 +1457,6 @@ var _ = Describe("Podman checkpoint", func() { }) It("podman checkpoint and restore container with --file-locks", func() { - if !strings.Contains(podmanTest.OCIRuntime, "runc") { - // TODO: Enable test for crun when this feature has been released - // https://github.com/containers/crun/pull/783 - Skip("FIXME: requires crun >= 1.4") - } localRunString := getRunString([]string{"--name", "test_name", ALPINE, "flock", "test.lock", "sleep", "100"}) session := podmanTest.Podman(localRunString) session.WaitWithDefaultTimeout() diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index 819efa628..41e78ce0e 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -535,7 +535,8 @@ var _ = Describe("Verify podman containers.conf usage", func() { It("podman containers.conf cgroups=disabled", func() { if !strings.Contains(podmanTest.OCIRuntime, "crun") { - Skip("FIXME: requires crun") + // Assume this will never be fixed in runc + Skip("NoCgroups requires crun") } conffile := filepath.Join(podmanTest.TempDir, "container.conf") diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index c6c8534ad..c7a0b3f2b 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -715,8 +715,7 @@ USER bin`, BB) }) It("podman run device-read-bps test", func() { - SkipIfRootless("FIXME: requested cgroup controller `io` is not available") - SkipIfRootlessCgroupsV1("Setting device-read-bps not supported on cgroupv1 for rootless users") + SkipIfRootless("Setting device-read-bps not supported for rootless users") var session *PodmanSessionIntegration @@ -734,8 +733,7 @@ USER bin`, BB) }) It("podman run device-write-bps test", func() { - SkipIfRootless("FIXME: requested cgroup controller `io` is not available") - SkipIfRootlessCgroupsV1("Setting device-write-bps not supported on cgroupv1 for rootless users") + SkipIfRootless("Setting device-write-bps not supported for rootless users") var session *PodmanSessionIntegration @@ -752,8 +750,7 @@ USER bin`, BB) }) It("podman run device-read-iops test", func() { - SkipIfRootless("FIXME: requested cgroup controller `io` is not available") - SkipIfRootlessCgroupsV1("Setting device-read-iops not supported on cgroupv1 for rootless users") + SkipIfRootless("Setting device-read-iops not supported for rootless users") var session *PodmanSessionIntegration if CGROUPSV2 { @@ -770,8 +767,7 @@ USER bin`, BB) }) It("podman run device-write-iops test", func() { - SkipIfRootless("FIXME: requested cgroup controller `io` is not available") - SkipIfRootlessCgroupsV1("Setting device-write-iops not supported on cgroupv1 for rootless users") + SkipIfRootless("Setting device-write-iops not supported for rootless users") var session *PodmanSessionIntegration if CGROUPSV2 { @@ -1239,6 +1235,7 @@ USER mail`, BB) }) It("podman run --mount type=bind,bind-nonrecursive", func() { + // crun: mount `/` to `/host`: Invalid argument SkipIfRootless("FIXME: rootless users are not allowed to mount bind-nonrecursive (Could this be a Kernel bug?") session := podmanTest.Podman([]string{"run", "--mount", "type=bind,bind-nonrecursive,slave,src=/,target=/host", fedoraMinimal, "findmnt", "-nR", "/host"}) session.WaitWithDefaultTimeout() diff --git a/test/system/520-checkpoint.bats b/test/system/520-checkpoint.bats index 7f60f01b3..7c8fc143a 100644 --- a/test/system/520-checkpoint.bats +++ b/test/system/520-checkpoint.bats @@ -12,7 +12,7 @@ function setup() { # could run to see if it's fixed, but it's way too complicated. Since # integration tests also skip checkpoint tests on Ubuntu, do the same here. if is_ubuntu; then - skip "FIXME: checkpointing broken in Ubuntu 2004, 2104, 2110, ..." + skip "FIXME: checkpointing broken in Ubuntu 2004, 2104, 2110, 2204, ..." fi # None of these tests work rootless.... |