summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #8693 from giuseppe/drop-valid-id-in-userns-checkOpenShift Merge Robot2020-12-14
|\ | | | | podman: drop checking valid rootless UID
| * podman: drop checking valid rootless UIDGiuseppe Scrivano2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | do not check whether the specified ID is valid in the user namespace. crun handles this case[1], so the check in Podman prevents to get to the OCI runtime at all. $ podman run --user 10:0 --uidmap 0:0:1 --rm -ti fedora:33 sh -c 'id; cat /proc/self/uid_map' uid=10(10) gid=0(root) groups=0(root),65534(nobody) 10 0 1 [1] https://github.com/containers/crun/pull/556 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #8689 from bblenard/issue-8672-volume-pruneOpenShift Merge Robot2020-12-14
|\ \ | | | | | | Add volume prune --filter support
| * | Add volume prune --filter supportBaron Lenardson2020-12-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds support for the `--filter` / `?filters` arguments on the `podman volume prune` subcommand. * Adds ParseFilterArgumentsIntoFilters helper for consistent Filter string slice handling * Adds `--filter` support to podman volume prune cli * Adds `?filters...` support to podman volume prune api * Updates apiv2 / e2e tests Closes #8672 Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
* | | Merge pull request #8699 from Luap99/network-flag-completionOpenShift Merge Robot2020-12-14
|\ \ \ | | | | | | | | shell completion for the network flag
| * | | shell completion for the network flagPaul Holzinger2020-12-12
| | | | | | | | | | | | | | | | | | | | | | | | Complete all the options e.g. `container:`,`ns:`,`host`, etc... Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #8553 from baude/composeciOpenShift Merge Robot2020-12-12
|\ \ \ \ | | | | | | | | | | add compose regression to ci
| * | | | add compose test descriptionsbaude2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | adding compose test descriptions and validations. Signed-off-by: baude <bbaude@redhat.com>
| * | | | test-compose: rewrite to new subdir formEd Santiago2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...in which we use all-local tests Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | | | add compose regression to cibaude2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | to prevent any regressions, we should be running regression tests using compose. Signed-off-by: baude <bbaude@redhat.com>
| * | | | WIP: test docker-composeEd Santiago2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git-fetch a set of docker-compose examples Add a mechanism for 'curl'ing to verify that service is up. For each docker-compose directory: 1) test that it comes up 2) use 'curl' to confirm that the service is up 3) bring it back down Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #7718 from QiWang19/sign-multi-archOpenShift Merge Robot2020-12-12
|\ \ \ \ \ | | | | | | | | | | | | Sign multi-arch images
| * | | | | Sign multi-arch imagesQi Wang2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman image sign handles muti-arch images. --all option to create signature for each manifest from the image manifest list. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #8676 from jwhonce/issues/7806OpenShift Merge Robot2020-12-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | Refine public key usage when remote
| * | | | | | Refine public key usage when remoteJhon Honce2020-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move all public key handling into one AuthMethod. Prioritize ssh-agent keys over identity files. * Cache server connection when tunneling, saves one RoundTrip on ssh handshake Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | | Merge pull request #8688 from rhatdan/startOpenShift Merge Robot2020-12-11
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | Handle --rm when starting a container
| * | | | | | Handle --rm when starting a containerDaniel J Walsh2020-12-11
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman start should follow the same behaviour as podman run when removing a container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #8686 from Luap99/logs-stderrOpenShift Merge Robot2020-12-11
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | podman logs honor stderr correctly
| * | | | | podman logs honor stderr correctlyPaul Holzinger2020-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make the ContainerLogsOptions support two io.Writers, one for stdout and the other for stderr. The logline already includes the information to which Writer it has to be written. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | Merge pull request #8690 from zhangguanzhang/apiv2-wrong-ImgNameOpenShift Merge Robot2020-12-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix Wrong img name used when creating a container from an image which had multi names
| * | | | | | Fix Wrong image tag is used when creating a container from an image with ↵zhangguanzhang2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | multiple tags Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | | | Merge pull request #8691 from Luap99/network-compatOpenShift Merge Robot2020-12-11
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | Fix some network compat api problems
| * | | | | | Fix some network compat api problemsPaul Holzinger2020-12-11
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Network create could panic when used with a json body like this: `{"Name":"net","IPAM":{"Config":[]}}` The network scope for list and inspect should not be empty. It can be swarm, global or local. We only support local networks so hardcode this field to local. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | Merge pull request #8633 from baude/bindings3OpenShift Merge Robot2020-12-11
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Bindings refactor
| * | | | | Bindings refactorbaude2020-12-10
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this is step one of refactoring our golang binaries. we will no be using structs to pass optional options. required options will still arguments to the binding itself. the structs then have a generator to create helper functions which should then be added to the git repo. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #8664 from rhatdan/pruneOpenShift Merge Robot2020-12-10
|\ \ \ \ \ | |/ / / / |/| | | | Add --filter to podman system prune
| * | | | Add --filter to podman system pruneDaniel J Walsh2020-12-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also document the allowable filters in podman system prune, podman image prune and podman container prune. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #8681 from Luap99/fix-image-exists-panicOpenShift Merge Robot2020-12-10
|\ \ \ \ \ | |_|_|_|/ |/| | | | Fix panic in libpod images exists endpoint
| * | | | Fix panic in libpod images exists endpointPaul Holzinger2020-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The libpod images exists endpoint panics when called with a non existing image and therefore returns 500 as status code instead of the expected 404. A test is added to ensure it is working. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | Merge pull request #8678 from ↵OpenShift Merge Robot2020-12-10
|\ \ \ \ \ | |/ / / / |/| | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containernetworking/plugins-0.9.0 Bump github.com/containernetworking/plugins from 0.8.7 to 0.9.0
| * | | | Bump github.com/containernetworking/plugins from 0.8.7 to 0.9.0dependabot-preview[bot]2020-12-10
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 0.8.7 to 0.9.0. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v0.8.7...v0.9.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8641 from umohnani8/playOpenShift Merge Robot2020-12-10
|\ \ \ \ | |/ / / |/| | | Do not pull if image domain is localhost
| * | | Do not pull if image domain is localhostUrvashi Mohnani2020-12-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With podman play kube, podman would always attempt to pull if the image has the :latest tag. But this would fail if the image was built locally and given latest as the tag. Images build with podman and buildah have localhost as the domain, so check if the domain is localhost. If that is the case, then don't attempt a pull. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | Merge pull request #8636 from ↵OpenShift Merge Robot2020-12-09
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/storage-1.24.3 Bump github.com/containers/storage from 1.24.1 to 1.24.3
| * | | | Fix storage.conf to define driver in the VMDaniel J Walsh2020-12-09
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | | Bump github.com/containers/storage from 1.24.1 to 1.24.3dependabot-preview[bot]2020-12-09
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.24.1 to 1.24.3. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.24.1...v1.24.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8670 from rhatdan/capsOpenShift Merge Robot2020-12-09
|\ \ \ \ | |/ / / |/| | | Properly handle --cap-add all when running with a --user flag
| * | | Properly handle --cap-add all when running with a --user flagDaniel J Walsh2020-12-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Handle the ALL Flag when running with an account as a user. Currently we throw an error when the user specifies podman run --user bin --cap-add all fedora echo hello Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8669 from giuseppe/unmask-also-cover-ro-pathsOpenShift Merge Robot2020-12-09
|\ \ \ \ | | | | | | | | | | security: honor systempaths=unconfined for ro paths
| * | | | security: honor systempaths=unconfined for ro pathsGiuseppe Scrivano2020-12-09
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we must honor systempaths=unconfined also for read-only paths, as Docker does: proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #8659 from ↵OpenShift Merge Robot2020-12-09
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/opencontainers/selinux-1.7.0 Bump github.com/opencontainers/selinux from 1.6.0 to 1.7.0
| * | | | Bump github.com/opencontainers/selinux from 1.6.0 to 1.7.0dependabot-preview[bot]2020-12-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.6.0...v1.7.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #8657 from ↵OpenShift Merge Robot2020-12-09
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/onsi/gomega-1.10.4 Bump github.com/onsi/gomega from 1.10.3 to 1.10.4
| * | | | | Bump github.com/onsi/gomega from 1.10.3 to 1.10.4Daniel J Walsh2020-12-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.3 to 1.10.4. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.10.3...v1.10.4) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #8653 from rhatdan/buildahOpenShift Merge Robot2020-12-09
|\ \ \ \ \ \ | | | | | | | | | | | | | | Honor the --layers flag
| * | | | | | Honor the --layers flagDaniel J Walsh2020-12-09
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently the --layers flag set by the user is ignored, and only the BUILDAH_LAYERS environment variable being set is observed. Fixes: https://github.com/containers/podman/issues/8643 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #8635 from Luap99/shell-completion-testOpenShift Merge Robot2020-12-09
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | Add system test for shell completion
| * | | | | Add system test for shell completionPaul Holzinger2020-12-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There exists a unit test to ensure that shell completion functions are defined. However there was no check about the quality of the provided shell completions. Lets change that. The idea is to create a general test that makes sure we are suggesting containers,pods,images... for the correct commands. This works by reading the command use line and checking for each arg if we provide the correct suggestions for this arg. It includes the following tests: - flag suggestions if [options] is set - container, pod, image, network, volume, registry completion - path completion for the appropriate arg KEYWORDS (`PATH`,`CONTEXT`,etc.) - no completion if there are no args - completion for more than one arg if it ends with `...]` The test does not cover completion values for flags and not every arg KEYWORD is supported. This is still a huge improvement and covers most use cases. This test spotted several inconsistencies between the completion and the command use line. All of them have been adjusted to make the test pass. The biggest advantage is that the completions always match the latest command changes. So if someone changes the arguments for a command this ensures that the completions must be adjusted. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | Merge pull request #8663 from vrothberg/run-950OpenShift Merge Robot2020-12-09
|\ \ \ \ \ \ | | | | | | | | | | | | | | archive endpoint massaging
| * | | | | | pkg/copy: introduce a CopierValentin Rothberg2020-12-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce a `Copier` object to separate the copy-rule enforcement from copying. That allows for a better error reporting of the REST API. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>