summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* podman-remote does not support most of the global flagsDaniel J Walsh2020-10-02
| | | | | | | podman-remote --help is showing a bunch of global flags that it does not support Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7815 from jwhonce/wip/creds_remoteOpenShift Merge Robot2020-10-02
|\ | | | | Add X-Registry-Config support
| * Add X-Registry-Config supportJhon Honce2020-09-29
| | | | | | | | | | | | | | | | | | | | | | | | * Refactor auth pkg to support X-Registry-Config * Refactor build endpoint to support X-Registry-Config. Supports: * --creds * --authfile * Added X-Reference-Id Header to http.Request to support log event correlation * Log headers from http.Request Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #7877 from baude/compatapiprivOpenShift Merge Robot2020-10-02
|\ \ | | | | | | fix compat api privileged and entrypoint code
| * | fix compat api privileged and entrypoint codebaude2020-10-01
| | | | | | | | | | | | | | | | | | | | | | | | when adding /dev to a privileged container using the compatibility API, we need to make sure we dont pass on devices that are simply symlinks. this was already being done by specgen but not on the compat. side. the entrypoint code that was recently rewritten for the compatibility layer was also failing due to the odd inputs that docker is willing to accept in its json, specifically [] vs "". in the case of the latter, this was being made into a []string with a len of one but no content. this would then be used to prefix the command to run in the container and would fail. For example " ls" vs "ls". Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #7869 from vrothberg/system-untagOpenShift Merge Robot2020-10-02
|\ \ \ | | | | | | | | system test: untag all test
| * | | system test: untag all testValentin Rothberg2020-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Extend the system tests to test `podman untag $image` without further arguments to force removing all tags from the image. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #7871 from rhatdan/gidOpenShift Merge Robot2020-10-01
|\ \ \ \ | | | | | | | | | | Add additionalGIDs from users in rootless mode
| * | | | Add additionalGIDs from users in rootless modeDaniel J Walsh2020-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a risk here, that if the GID does not exists within the User Namespace the container will fail to start. This is only likely to happen in HPC Envioronments, and I think we should add a field to disable it for this environment, Added a FIXME for this issue. We currently have this problem with running a rootfull container within a user namespace, it will fail if the GID is not available. I looked at potentially checking the usernamespace that you are assigned to, but I believe this will be very difficult to code up and to figure out. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7874 from rhatdan/volumeOpenShift Merge Robot2020-10-01
|\ \ \ \ \ | | | | | | | | | | | | Podman containers/pods prune should throw an error if user adds args
| * | | | | Podman containers/pods prune should throw an error if user adds argsDaniel J Walsh2020-10-01
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | We are not currently checking if a user accidently adds an argument to all podman * prune commands. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7868 from rhatdan/tuturialOpenShift Merge Robot2020-10-01
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] Update rootless_tutorial.md
| * | | | | Update rootless_tutorial.mdDaniel J Walsh2020-10-01
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | add clarifications in persistently setting unprivileged ping permissions Signed-off-by: fuzxi <opuspam@posteo.de> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7849 from baude/f33testsOpenShift Merge Robot2020-10-01
|\ \ \ \ \ | |_|/ / / |/| | | | misc fixes for f33 integration tests
| * | | | misc fixes for f33 integration testsbaude2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | some small fixes for testing on fedora 33 (non-btrfs) Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #7735 from QiWang19/manifest-inspectOpenShift Merge Robot2020-10-01
|\ \ \ \ \ | | | | | | | | | | | | fix allowing inspect manifest of non-local image
| * | | | | fix allowing inspect manifest of non-local imageQi Wang2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support of `podman manifest inspect` returning manifest list of non-local manifest. Close #https://github.com/containers/podman/issues/7726 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #7835 from Luap99/network-test-cleanupOpenShift Merge Robot2020-10-01
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix some flakes in the e2e network tests.
| * | | | | | Fix some flakes in the e2e network tests.Paul Holzinger2020-10-01
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The network test created config files with random filenames but the network name was static. Since the tests can run in parallel podman was not able to distinguish the networks. We need to make sure that each test has its own config file and network name. This helps to prevent unnecessary flakes. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | Merge pull request #7846 from rhatdan/rootlessOpenShift Merge Robot2020-10-01
|\ \ \ \ \ \ | | | | | | | | | | | | | | Attempt to test all Broken SkipIfRootless FIXME
| * | | | | | Attempt to test all Broken SkipIfRootless FIXMEDaniel J Walsh2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #7864 from rhatdan/volumeOpenShift Merge Robot2020-10-01
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | Volume prune should not pass down the force flag
| * | | | | | Volume prune should not pass down the force flagDaniel J Walsh2020-10-01
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman volume prune -f Should just tell the prune command to not prompt for confirmation. It should not be passing the prune flag into the API. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #7851 from zhangguanzhang/fix-apiv2-ctr-workdir-and-envOpenShift Merge Robot2020-10-01
|\ \ \ \ \ \ | |/ / / / / |/| | | | | [apiv2] don't ignore the ENV and WorkDir from the image
| * | | | | fix: The container created by APIV2 has an incorrect Env and WorkDirzhangguanzhang2020-10-01
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | | Merge pull request #7848 from cevich/fix_testsOpenShift Merge Robot2020-10-01
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix two e2e tests
| * | | | | | Distinguish userns vs containerized testsChris Evich2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The systemd test was inaccurately being skipped when a userns env. var. flag was set. At best this is confusing to new developers, and at worse it actively blocks an otherwise legitimate class of tests. Improve the accuracy of skip-logic by adding/using a purpose built set of functions. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | | Fix ubuntu exec_testChris Evich2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Test passes on Fedora because the registry server is one of the defaults. However it is not typically configured on Ubuntu hosts, and therefor this test can fail. While specifying the FQIN in the dockerfile text is not an ideal solution, it cannot negatively affect other tests which utilize `podmanTest.BuildImage`. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | Merge pull request #7858 from jwhonce/wip/http_proxyOpenShift Merge Robot2020-10-01
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Support --http-proxy for remote builds
| * | | | | | | Support --http-proxy for remote buildsJhon Honce2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix misspelled parameter * add http-proxy support for builds http_proxy must be set in the podman.service unit file, for example Environment=http_proxy=<value> Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | | | Merge pull request #7823 from vrothberg/fix-6381OpenShift Merge Robot2020-10-01
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | | image look up: consult registries.conf
| * | | | | | | image look up: consult registries.confValentin Rothberg2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When looking up local images, take the unqualified-serach registries of the registries.conf into account (on top of "localhost/"). Also extend the integration tests to prevent future regressions. Fixes: #6381 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | | | pkg/registries: add a retiring noteValentin Rothberg2020-09-30
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The registries package should be retired. It was introduced as an easier to use wrapper around c/image `sysregistries` which has been replaced by `sysregistriesv2` a long while ago. Users should either use the `sysregistriesv2` package directly or, even better, we cache the config in libpod's image runtime to prevent redundant (and ~expensive) parsing of the registries.conf files. For now, just add a note in hope we'll not forgert about it when we find time in the future. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | Merge pull request #7834 from xordspar0/patch-1OpenShift Merge Robot2020-09-30
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | Don't disable Go modules when generating varlink
| * | | | | | Don't disable Go modules when generating varlinkJordan Christiansen2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From a fresh install of Fedora 33 Beta and a fresh clone of the repo, `make` fails with the following error when Go modules are disabled: # Only generate the varlink code on Linux (see issue #4814). GO111MODULE=off go generate ./pkg/varlink/... ../../vendor/github.com/varlink/go/cmd/varlink-go-interface-generator/main.go:12:2: cannot find package "github.com/varlink/go/varlink/idl" in any of: /usr/lib/golang/src/github.com/varlink/go/varlink/idl (from $GOROOT) /home/test/src/podman/_output/src/github.com/varlink/go/varlink/idl (from $GOPATH) pkg/varlink/generate.go:3: running "go": exit status 1 make: *** [Makefile:646: pkg/varlink/iopodman.go] Error 1 Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | | | | | | Merge pull request #7798 from QiWang19/run-manifestOpenShift Merge Robot2020-09-30
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | Use local image if input image is a manifest list
| * | | | | | Use local image if input image is a manifest listQi Wang2020-09-30
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | If run&create image returns error: image contains manifest list, not a runnable image, find the local image that has digest matching the digest from the list and use the image from local storage for the command. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #7820 from giuseppe/fix-capabilities-not-rootOpenShift Merge Robot2020-09-30
|\ \ \ \ \ \ | | | | | | | | | | | | | | capabilities: always set ambient and inheritable
| * | | | | | capabilities: always set ambient and inheritableGiuseppe Scrivano2020-09-30
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | change capabilities handling to reflect what docker does. Bounding: set to caplist Inheritable: set to caplist Effective: if uid != 0 then clear; else set to caplist Permitted: if uid != 0 then clear; else set to caplist Ambient: clear Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #7847 from rhatdan/networkOpenShift Merge Robot2020-09-30
|\ \ \ \ \ \ | | | | | | | | | | | | | | Make the e2e test network cleanup more robust.
| * | | | | | Make the e2e test network cleanup more robust.Daniel J Walsh2020-09-30
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to handle removal of non existing network. This allows the `removeCNINetwork` function always to be called. This is needed by tests which are trying to remove the network manually in order to prevent flakes. Fixes #7809 Signed-off-by: Paul Holzinger <paul.holzinger@web.de> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #7833 from jwhonce/issues/7826OpenShift Merge Robot2020-09-30
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | Refactor IdleTracker to handle StateIdle transitions
| * | | | | Refactor IdleTracker to handle StateIdle transitionsJhon Honce2020-09-29
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove stutter naming for package and types * Stop treating StateIdle the same as StateClosed, rather transitions to StateIdle will keep API timeout window open * Remove redundate code Fixes #7826 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | Merge pull request #7840 from vrothberg/remote-untagOpenShift Merge Robot2020-09-30
|\ \ \ \ \ | | | | | | | | | | | | fix remote untag
| * | | | | fix remote untagValentin Rothberg2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the remote client to untag all tags of the specified image. Instead of querying the image on the client side, support the case where both, repo and tag, are empty and remove all tags. Reuse the ABI implementation where possible. In retrospective, the libpod untag endpoint should support a slice of strings to batch remove tags rather than reaching out for each tag individually. Enable the skipped test. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #7841 from AkihiroSuda/fix-7789OpenShift Merge Robot2020-09-30
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | rootless-cni-infra v3: fix cleaning up DNS entries
| * | | | | libpod: bump up rootless-cni-infra to v3Akihiro Suda2020-09-30
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
| * | | | | rootless-cni-infra v3: fix cleaning up DNS entriesAkihiro Suda2020-09-30
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix "Old DNS entries are not cleaned up" by passing CNI_ARGS to `cnitool del`. Fix #7789 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | | | | Merge pull request #7831 from rhatdan/envOpenShift Merge Robot2020-09-30
|\ \ \ \ \ | | | | | | | | | | | | We already set container=podman environment variable
| * | | | | We already set container=podman environment variableDaniel J Walsh2020-09-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Only need to set container, no need for containers Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>