summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #12469 from Luap99/ns-teardown-flakeOpenShift Merge Robot2021-12-02
|\ | | | | Fix possible rootless netns cleanup race
| * Fix possible rootless netns cleanup racePaul Holzinger2021-12-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rootlessNetNS.Cleanup() has an issue with how it detects if cleanup is needed, reading the container state is not good ebough because containers are first stopped and than cleanup will be called. So at one time two containers could wait for cleanup but the second one will fail because the first one triggered already the cleanup thus making rootless netns unavailable for the second container resulting in an teardown error. Instead of checking the container state we need to check the netns state. Secondly, podman unshare --rootless-netns should not do the cleanup. This causes more issues than it is worth fixing. Users also might want to use this to setup the namespace in a special way. If unshare also cleans this up right away we cannot do this. [NO NEW TESTS NEEDED] Fixes #12459 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #12471 from edsantiago/e2e_tmpdir_cleanupOpenShift Merge Robot2021-12-02
|\ \ | | | | | | e2e tmpdir cleanup
| * | remove ARTIFACT_DIR and ArtifactPathEd Santiago2021-12-01
| | | | | | | | | | | | | | | | | | ...they're not actually used for anything Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | Image caches: allow overriding cache dirEd Santiago2021-12-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Images were being cached in /tmp, with no option to override. Now $PODMAN_TEST_IMAGE_CACHE_DIR can be used to point to a user-preferred location. If unset, try $TMPDIR before settling on /tmp. Also: refactor the logic for determining the tarball name. Also: include registry name in tarball name. Also: clean up unused/unnecessary code Also: do not echo "Restoring..." if we're not actually restoring. Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | Rename CrioRoot as just RootEd Santiago2021-12-01
| | | | | | | | | | | | | | | | | | | | | ...and remove other uses of "crio". They're confusing and misleading. (I'm sure it made sense at one time) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #12425 from tnk4on/remote-build-eval-containerfileOpenShift Merge Robot2021-12-02
|\ \ \ | | | | | | | | Fixed the containerfile not found during remote build
| * | | Fixed the containerfile not found during remote build.Shion Tanaka2021-11-30
| | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Shion Tanaka <shtanaka@redhat.com>
* | | | Merge pull request #12472 from rhatdan/ownersOpenShift Merge Robot2021-12-01
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Add ashley-cui, lsm5 and floutoc to owners
| * | | | Add ashley-cui, lsm5 and floutoc to ownersDaniel J Walsh2021-12-01
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #12458 from edsantiago/remove_betrueOpenShift Merge Robot2021-12-01
|\ \ \ \ \ | |/ / / / |/| | | | e2e: yet more cleanup of BeTrue/BeFalse
| * | | | e2e: yet more cleanup of BeTrue/BeFalseEd Santiago2021-11-30
| | |_|/ | |/| | | | | | | | | | | | | | | | | | Thanks to Paul for teaching me about HaveKey() Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #12460 from jwhonce/issues/10974-1OpenShift Merge Robot2021-12-01
|\ \ \ \ | | | | | | | | | | [NO NEW TESTS NEEDED] Refactor podman container command output
| * | | | [NO NEW TESTS NEEDED] Refactor podman container command outputJhon Honce2021-12-01
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Leverage new report.Formatter allowing better compatibility from podman command output. See #10974 See #12455 Depends on containers/common#831 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #12307 from hshiina/device-weightOpenShift Merge Robot2021-12-01
|\ \ \ \ | | | | | | | | | | Implement 'podman run --blkio-weight-device'
| * | | | Implement 'podman run --blkio-weight-device'Hironori Shiina2021-11-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `--blkio-weight-device` is not fully implemented and this causes an unexpected panic when specified because an entry is put into an uninitialized map at parsing. This fix implements the `--blkio-weight-device` and adds a system test. When creating a spec generator on a client, a major number and a minor number of a device cannot be set. So, these numbers are inspected on a server and set to a runtime spec. Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | | | | Merge pull request #12450 from giuseppe/compression-formatOpenShift Merge Robot2021-12-01
|\ \ \ \ \ | | | | | | | | | | | | podman, push: expose --compression-format
| * | | | | podman, push: expose --compression-formatGiuseppe Scrivano2021-12-01
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | support overriding the compression format at push time. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #12464 from giuseppe/fix-race-reading-cgroup-fileOpenShift Merge Robot2021-12-01
|\ \ \ \ \ | |_|_|_|/ |/| | | | container, cgroup: detect pid termination
| * | | | container, cgroup: detect pid terminationGiuseppe Scrivano2021-12-01
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the /proc/$PID/cgroup file doesn't exist, then it is likely the container was terminated in the meanwhile so report ErrCtrStopped that is already handled instead of ENOENT. commit a66f40b4df039e94572fa38c070207a435cfa466 introduced the regression. Closes: https://github.com/containers/podman/issues/12457 [NO NEW TESTS NEEDED] it solves a race in the CI that is difficult to reproduce. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #12462 from vrothberg/fix-12452OpenShift Merge Robot2021-12-01
|\ \ \ \ | |/ / / |/| | | top: parse ps(1) args correctly
| * | | top: parse ps(1) args correctlyValentin Rothberg2021-12-01
| |/ / | | | | | | | | | | | | | | | | | | The arguments of ps(1) should be shlexed. Fixes: #12452 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12454 from edsantiago/remove_betrueOpenShift Merge Robot2021-11-30
|\ \ \ | | | | | | | | More BeTrue cleanup
| * | | a few more manual BeTrue cleanupsEd Santiago2021-11-30
| | | | | | | | | | | | | | | | Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | | Convert strings.Contains() to Expect(ContainSubstring)Ed Santiago2021-11-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | ...done manually, not via sed, because some of the inner expressions include nested commas. Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | | e2e tests: more cleanup of BeTrue()sEd Santiago2021-11-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Write a BeValidJSON() matcher, and replace IsJSONOutputValid(): sed -i -e 's/Expect(\(.*\)\.IsJSONOutputValid()).To(BeTrue())/Expect(\1.OutputToString())\.To(BeValidJSON())/' test/e2e/*_test.go (Plus a few manual tweaks) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #12414 from flouthoc/api-allow-secretsOpenShift Merge Robot2021-11-30
|\ \ \ \ | |/ / / |/| | | tunnel: allow `remote` and `API` to accept `--secrets`
| * | | podman-remote: prevent leaking secret into imageAditya Rajan2021-11-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevents temp secrets leaking into image by moving it away from context directory to parent builder directory. Builder directory automatically gets cleaned up when we are done with the build. Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * | | podman-remote: copy secret to contextdir is absolute path on hostAditya Rajan2021-11-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman remote must treat build secrets as part of context directory. If secret path is absolute path on host copy it to tar file and pass it to remote server. Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * | | api: allow build api to accept secretsAditya Rajan2021-11-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following commit makes sure that `build` api can accept external secret and allows currently `NOOP` `podman-remote build -t tag --secret id=mysecret,src=/path/on/remote` to become functional. Just like `docker` following api is a hidden field and only exposed to `podman-remote` but could document it if it needs exposed on `swagger`. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | Merge pull request #12449 from vrothberg/fix-12438OpenShift Merge Robot2021-11-30
|\ \ \ \ | | | | | | | | | | systemd: replace multi-user with default.target
| * | | | systemd: replace multi-user with default.targetValentin Rothberg2021-11-30
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace `multi-user.target` with `default.target` across the code base. It seems like the multi-user one is not available for (rootless) users on F35 anymore is causing issues in all kinds of ways, for instance, enabling the podman.service or generated systemd units. Fixes: #12438 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12435 from vrothberg/fix-12320OpenShift Merge Robot2021-11-30
|\ \ \ \ | |/ / / |/| | | compat API: allow enforcing short-names resolution to Docker Hub
| * | | compat API: allow enforcing short-names resolution to Docker HubValentin Rothberg2021-11-30
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Docker-compatible REST API has historically behaved just as the rest of Podman and Buildah (and the atomic Docker in older RHEL/Fedora) where `containers-registries.conf` is centrally controlling which registries a short name may resolve to during pull or local image lookups. Please refer to a blog for more details [1]. Docker, however, is only resolving short names to docker.io which has been reported (see #12320) to break certain clients who rely on this behavior. In order to support this scenario, `containers.conf(5)` received a new option to control whether Podman's compat API resolves to docker.io only or behaves as before. Most endpoints allow for directly normalizing parameters that represent an image. If set in containers.conf, Podman will then normalize the references directly to docker.io. The build endpoint is an outlier since images are also referenced in Dockerfiles. The Buildah API, however, supports specifying a custom `types.SystemContext` in which we can set a field that enforces short-name resolution to docker.io in `c/image/pkg/shortnames`. Notice that this a "hybrid" approach of doing the normalization directly in the compat endpoints *and* in `pkg/shortnames` by passing a system context. Doing such a hybrid approach is neccessary since the compat and the libpod endpoints share the same `libimage.Runtime` which makes a global enforcement via the `libimage.Runtime.systemContext` impossible. Having two separate runtimes for the compat and the libpod endpoints seems risky and not generally applicable to all endpoints. [1] https://www.redhat.com/sysadmin/container-image-short-names Fixes: #12320 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12408 from rhatdan/stdoutOpenShift Merge Robot2021-11-30
|\ \ \ | |/ / |/| | Only open save output file with WRONLY
| * | Only open save output file with WRONLYDaniel J Walsh2021-11-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous code fails on a MAC when opening /dev/stdout Fixes: https://github.com/containers/podman/issues/12402 [NO NEW TESTS NEEDED] No easy way to test this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12412 from rhatdan/manOpenShift Merge Robot2021-11-29
|\ \ \ | | | | | | | | [CI:DOCS] List /etc/containers/certs.d as default for --cert-path
| * | | List /etc/containers/certs.d as default for --cert-pathDaniel J Walsh2021-11-29
| | | | | | | | | | | | | | | | | | | | | | | | Helps Document https://github.com/containers/podman/issues/10116 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12407 from edsantiago/bindings_test_add_gitcommitOpenShift Merge Robot2021-11-29
|\ \ \ \ | | | | | | | | | | Bindings test: emit GIT_COMMIT, for links in logs
| * | | | Bindings test: emit GIT_COMMIT, for links in logsEd Santiago2021-11-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a magic 'echo' to runner.sh, displaying $GIT_COMMIT in a special syntax. The logformatter script, seeing this, will hyperlink error messages to the failing source file. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #12439 from rhatdan/DockerfileOpenShift Merge Robot2021-11-29
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] Move the chown to after the ADDs
| * | | | | Move the chown to after the ADDsDaniel J Walsh2021-11-29
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I have noticed that the containers.conf file in the /home/podman directory is owned by root and not Podman. This change fixes the ownership. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #12405 from flouthoc/compat-build-errorOpenShift Merge Robot2021-11-29
|\ \ \ \ \ | |_|_|/ / |/| | | | compat: Add compatiblity with `Docker/Moby` API for scenarios where build fails.
| * | | | compat: Add compatiblity with Docker/Moby API for scenarios where build failsAditya Rajan2021-11-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to maintain compatiblity with `moby API` we must the field `errorDetail` which is primary error reporting field with stream. Currently podman is using `error` which is already deprecated by moby. Check: https://github.com/moby/moby/blob/master/pkg/jsonmessage/jsonmessage.go#L147 [NO NEW TESTS NEEDED] We can't test this in podman CI since we dont have a docker client. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | | Merge pull request #12433 from matejvasek/fix-mount-parsingOpenShift Merge Robot2021-11-29
|\ \ \ \ \ | | | | | | | | | | | | fix: parsing of HostConfig.Mounts for container create
| * | | | | fix: parsing of HostConfig.Mounts for container createMatej Vasek2021-11-29
| | |/ / / | |/| | | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | | | Merge pull request #12401 from edsantiago/lint_testsOpenShift Merge Robot2021-11-29
|\ \ \ \ \ | |/ / / / |/| | | | e2e tests: enable golint
| * | | | e2e tests: enable golintEd Santiago2021-11-29
|/ / / / | | | | | | | | | | | | | | | | | | | | ...and fix problems found therewith. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #12431 from matejvasek/fix-ctr-archive-epOpenShift Merge Robot2021-11-29
|\ \ \ \ | |_|_|/ |/| | | fix: error reporting for archive endpoint
| * | | fix: error reporting for archive endpointMatej Vasek2021-11-28
|/ / / | | | | | | | | | | | | | | | Returning 500 when copying to read-only destination. Signed-off-by: Matej Vasek <mvasek@redhat.com>