summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Switch all calls to filepath.Walk to filepath.WalkDirDaniel J Walsh2022-03-27
| | | | | | | | | WalkDir should be faster the Walk, since we often do not need to stat files. [NO NEW TESTS NEEDED] Existing tests should find errors. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #13653 from jmontleon/fix-manifest-push-headerOpenShift Merge Robot2022-03-27
|\ | | | | Resolves #13629 Add RegistryAuthHeader to manifest push
| * Resolves #13629 Add RegistryAuthHeader to manifest pushjason2022-03-26
| | | | | | | | Signed-off-by: Jason Montleon <jmontleo@redhat.com>
* | Merge pull request #13660 from rhatdan/errorOpenShift Merge Robot2022-03-27
|\ \ | | | | | | Remove error stutter
| * | Remove error stutterDaniel J Walsh2022-03-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When podman gets an error it prints out "Error: " before printing the error string. If the error message starts with error, we end up with Error: error ... This PR Removes all of these stutters. logrus.Error() also prints out that this is an error, so no need for the error stutter. [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #13639 from ↵Daniel J Walsh2022-03-27
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/docker/docker-20.10.14incompatible build(deps): bump github.com/docker/docker from 20.10.13+incompatible to 20.10.14+incompatible
| * | | build(deps): bump github.com/docker/dockerdependabot[bot]2022-03-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.13+incompatible to 20.10.14+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md) - [Commits](https://github.com/docker/docker/compare/v20.10.13...v20.10.14) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #13659 from rhatdan/codespellOpenShift Merge Robot2022-03-26
|\ \ \ \ | |_|/ / |/| | | Run codespell to cleanup typos
| * | | Run codespell to cleanup typosDaniel J Walsh2022-03-25
| | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #13658 from ↵OpenShift Merge Robot2022-03-25
|\ \ \ \ | |/ / / |/| | | | | | | | | | | containers/dependabot/go_modules/github.com/rootless-containers/rootlesskit-1.0.0 build(deps): bump github.com/rootless-containers/rootlesskit from 0.14.6 to 1.0.0
| * | | build(deps): bump github.com/rootless-containers/rootlesskitdependabot[bot]2022-03-25
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.14.6 to 1.0.0. - [Release notes](https://github.com/rootless-containers/rootlesskit/releases) - [Commits](https://github.com/rootless-containers/rootlesskit/compare/v0.14.6...v1.0.0) --- updated-dependencies: - dependency-name: github.com/rootless-containers/rootlesskit dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #13662 from giuseppe/fix-ci-test-runMatt Heon2022-03-25
|\ \ \ | | | | | | | | test: fix podman run test as rootless
| * | | test: fix podman run test as rootlessGiuseppe Scrivano2022-03-25
|/ / / | | | | | | | | | | | | | | | aafa80918a245edcbdaceb1191d749570f1872d0 introduced the regression. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #13657 from Akasurde/misc_spellDaniel J Walsh2022-03-25
|\ \ \ | | | | | | | | Misc typo fixes
| * | | Misc typo fixesAbhijeet Kasurde2022-03-25
|/ / / | | | | | | | | | Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* | | Merge pull request #13656 from giuseppe/drop-rhel-7-docDaniel J Walsh2022-03-25
|\ \ \ | | | | | | | | [CI:DOCS] docs: drop note about upcoming RHEL 7.7
| * | | [CI:DOCS] docs: drop note about upcoming RHEL 7.7Giuseppe Scrivano2022-03-25
|/ / / | | | | | | | | | | | | | | | it was released more than two years ago. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #13531 from cdoern/buildOpenShift Merge Robot2022-03-24
|\ \ \ | | | | | | | | Add Context Directory to tar
| * | | add contextDir to tar on remotecdoern2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman build fails on remote build when using a relative context directory. This is because the context dir was not being added to the tar, so when remote the compat build function would not be able to stat the contextDir. resolves #13293 Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | Merge pull request #13622 from rhatdan/systemd1OpenShift Merge Robot2022-03-24
|\ \ \ \ | | | | | | | | | | When running systemd in a container set container_uuid
| * | | | When running systemd in a container set container_uuidDaniel J Walsh2022-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | systemd expects the container_uuid environment variable be set when it is running in a container. Fixes: https://github.com/containers/podman/issues/13187 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #13636 from Luap99/machine-port-proxyDaniel J Walsh2022-03-24
|\ \ \ \ \ | | | | | | | | | | | | podman machine: fix port forwarding with proxy
| * | | | | podman machine: fix port forwarding with proxyPaul Holzinger2022-03-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a user has a http proxy configured the VM will use it. However since gvproxy can only be reached internally from within the VM the port forwarding HTTP API call should not be redirected to the proxy. [NO NEW TESTS NEEDED] Fixes #13628 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #13647 from lsm5/main-cve-2022-21698Daniel J Walsh2022-03-24
|\ \ \ \ \ \ | | | | | | | | | | | | | | Bump github.com/prometheus/client_golang to v1.11.1
| * | | | | | Bump github.com/prometheus/client_golang to v1.11.1Lokesh Mandvekar2022-03-24
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | Resolves: CVE-2022-21698 Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | | | Merge pull request #13637 from Luap99/conmon-errOpenShift Merge Robot2022-03-24
|\ \ \ \ \ \ | | | | | | | | | | | | | | readConmonPipeData: try to improve error
| * | | | | | readConmonPipeData: try to improve errorPaul Holzinger2022-03-24
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue #10927 reports `container create failed (no logs from conmon): EOF` errors. Since we do not know the root cause it would be helpful to try to get as much info as possible out of the error. (buffer).ReadBytes() will return the bytes read even when an error occurs. So when we get an EOF we could still have some valuable information in the buffer. Lets try to unmarshal them and if this fails we add the bytes to the error message. This does not fix the issue but it might help us getting a better error. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #13621 from Luap99/doc-libpodOpenShift Merge Robot2022-03-24
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] document that using libpod package directly is not supported
| * | | | | | document that using libpod package directly is not supportedPaul Holzinger2022-03-23
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We do not support using the libpod package outside of podman. There is no stable interface which can be used. Instead point users to the API and go bindings. Fixes #13086 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #13602 from edsantiago/size_check_part2OpenShift Merge Robot2022-03-24
|\ \ \ \ \ \ | | | | | | | | | | | | | | Binary growth check, part 2 of 2
| * | | | | | Binary growth check, part 2 of 2Ed Santiago2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a CI check to prevent unwanted bloat in binary images, by building a baseline (pre-PR) binary then comparing file sizes post-PR. Part 1 (#13518) added a new script that runs multiple 'make's, comparing image sizes against an original, and failing loudly if growth is too big. An override mechanism is defined. This is part 2 of 2: adding the CI rule. We couldn't do that in part 1, because the rule would call a script that didn't exist in the pre-PR commit. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | Merge pull request #13274 from jwhonce/wip/manifest_4_mainOpenShift Merge Robot2022-03-24
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Fix manifest 4.0 endpoints
| * | | | | | | Fix manifest 4.0 endpointsJhon Honce2022-03-23
| | |/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] * Branch forced 4.0 only endpoints, which broke bindings * Fix lint error, in new code Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | | Merge pull request #13620 from Luap99/qemu-pathOpenShift Merge Robot2022-03-24
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | podman machine start: lookup qemu path again if not found
| * | | | | | | fix podman machine start log level detectionPaul Holzinger2022-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use logrus.IsLevelEnabled because this will cover all levels below it as well. Currently this condition would fail for the trace log level. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | | | podman machine start: lookup qemu path again if not foundPaul Holzinger2022-03-23
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We store the full path to qemu in the machine config. When the path changes on the host the machine can longer be started. To fix it we get the path again when we fail to start the machine due the missing binary. We want to store and use the full path first because otherwise existing machines can break when the qemu version changed. [NO NEW TESTS NEEDED] We still have no machine tests. Fixes #13394 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | Merge pull request #13587 from giuseppe/clone-to-podOpenShift Merge Robot2022-03-24
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | container: allow clone to an existing pod
| * | | | | | | container: allow clone to an existing podGiuseppe Scrivano2022-03-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes: https://github.com/containers/podman/issues/3979 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | | specgen: fix typoGiuseppe Scrivano2022-03-24
| | |_|/ / / / | |/| | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | Merge pull request #13635 from Luap99/rpm-remoteOpenShift Merge Robot2022-03-24
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | [CI:DOCS] Remove experimental warning from podman-remote rpm
| * | | | | | | Remove experimental warning from podman-remote rpmPaul Holzinger2022-03-24
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-remote is considered stable and follows the same semver as podman. Fixes a question on the podman mailing list. https://lists.podman.io/archives/list/podman@lists.podman.io/thread/2DVCU5Z54U4PI5ROTBQXHDBLQSAXAHFU/ Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | Merge pull request #13638 from Luap99/machine-set-docOpenShift Merge Robot2022-03-24
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | [CI:DOCS] podman machine set: clarify --rootful option
| * | | | | | | podman machine set: clarify --rootful optionPaul Holzinger2022-03-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is not quite clear what the difference between `podman machine set --rootful` and `podman system connection default` is. Add a small note with the difference, the --rootful option will also affect the socket forwarding. Fixes #13515 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | | Merge pull request from GHSA-qvf8-p83w-v58jGiuseppe Scrivano2022-03-24
|\ \ \ \ \ \ \ \ | |_|_|_|_|/ / / |/| | | | | | | do not set the inheritable capabilities
| * | | | | | | do not set the inheritable capabilitiesGiuseppe Scrivano2022-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The kernel never sets the inheritable capabilities for a process, they are only set by userspace. Emulate the same behavior. Closes: CVE-2022-27649 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | | Merge pull request #13624 from rhatdan/nixOpenShift Merge Robot2022-03-24
|\ \ \ \ \ \ \ \ | |_|_|_|_|_|_|/ |/| | | | | | | Remove nix packages, since no one is supporting this
| * | | | | | | Remove nix packages, since no one is supporting thisDaniel J Walsh2022-03-23
| | |_|_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #13606 from paralin/play-kube-inmemOpenShift Merge Robot2022-03-24
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | play: kube: support io.reader body arg and remove tempfiles
| * | | | | | play: kube: use in-memory kubefile and remove tempfileChristian Stewart2022-03-24
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The PlayKube and PlayKubeDown commands accepted a "path" argument to a YAML file to play. This requires the caller to write the YAML to a file path. The downside of this is apparent in the HTTP handlers which have to use a temporary file on disk to store the YAML file. The file is opened & used as the body of the HTTP request. It's possible to instead pass a io.Reader and use a fully in-memory request body. Add backwards-compatible changes to bindings to allow passing either a filepath or a io.Reader body. Refactor the podman bindings to use a io.Reader instead of a filepath. Simplify the HTTP handlers for PlayKube by removing the now unneeded tempfile. [NO NEW TESTS NEEDED] Signed-off-by: Christian Stewart <christian@paral.in>
* | | | | | Merge pull request #13634 from flouthoc/fix-podman-set-docsOpenShift Merge Robot2022-03-24
|\ \ \ \ \ \ | |/ / / / / |/| | | | | machine-set: fix example for setting `rootful` flag