| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Support the `X-Registry-Auth` http-request header.
* The content of the header is a base64 encoded JSON payload which can
either be a single auth config or a map of auth configs (user+pw or
token) with the corresponding registries being the keys. Vanilla
Docker, projectatomic Docker and the bindings are transparantly
supported.
* Add a hidden `--registries-conf` flag. Buildah exposes the same
flag, mostly for testing purposes.
* Do all credential parsing in the client (i.e., `cmd/podman`) pass
the username and password in the backend instead of unparsed
credentials.
* Add a `pkg/auth` which handles most of the heavy lifting.
* Go through the authentication-handling code of most commands, bindings
and endpoints. Migrate them to the new code and fix issues as seen.
A final evaluation and more tests is still required *after* this
change.
* The manifest-push endpoint is missing certain parameters and should
use the ABI function instead. Adding auth-support isn't really
possible without these parts working.
* The container commands and endpoints (i.e., create and run) have not
been changed yet. The APIs don't yet account for the authfile.
* Add authentication tests to `pkg/bindings`.
Fixes: #6384
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Add support for `readonly` option to --mount
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is just an alias to the `ro` option, but it's already in the
manpages (and Docker) so we might as well add support for it.
Fixes #6379
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | |
| | |
| | | |
containers/dependabot/go_modules/github.com/stretchr/testify-1.6.0
Bump github.com/stretchr/testify from 1.5.1 to 1.6.0
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.5.1 to 1.6.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.5.1...v1.6.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Ensure that signal names can be parsed on Windows
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
To ensure the Windows and OS X remote clients can properly parse
container stop signal (when given as a name e.g. SIGTERM) and
set it in SpecGen, we need access to a list of Linux signal names
and the numbers they map to that is available on non-Linux OSes.
Fortunately, these are ABI constants that are extremely unlikely
to change, so we can just take the existing constant definitions
from the library and use them.
The signal numbers used here are sourced from AMD64, but should
be the same for every architecture that is not Alpha, SPARC,
MIPS, and PA-RISC. So `podman run --stop-signal SIGTTOU` from a
Windows client to a Podman service on a SPARC host will set an
incorrect stop signal, but I don't think this is a large problem.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Vendor in containers/common v0.12.0
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
V2 verify JSON output is consistent and doesn't drift
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
$ cd test/apiv2
$ python -m unittest -v test_rest_v1_0_0.TestApi
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| | | |
| | | | |
fix `ps --last=N`
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix `ps --last=N` to also include non-running containers. Also add an
e2e test to prevent us from regressing in the future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | | |
chuanchang/add_test_for_image_history_and_exporting
test.apiv2: add testing for displaying image history and exporting image
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add testing for displaying image history and exporting image
Deal with API returning binary (Content-Type =~ 'octet').
When so, set $output to the output of 'file'.
Bug fix: in 't' helper, declare loop var $i as local
to avoid contaminating caller
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
|
|\ \ \
| | | |
| | | | |
specgen: fix segfault
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
we should not access the devices without checking if the resources are there
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Add streaming ability to endpoint
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fix builds on 32 Arches.
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
v2 libpod push: correct docs
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The swagger documentation for the libpod push endpoint were not in sync
with the implementation. Correct these docs to reflect the parameters
that are actually supported.
Fixes: #6388
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
Add --format to pod inspect
|
| | |_|/
| |/| |
| | | |
| | | | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
container stats: fix --no-stream race
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix a race in `podman container stats` by waiting for the client to
consume the data in the channel. This requires a `sync.WaitGroup` (or
semaphore) in the client and to also close the channel the backend.
Fixes: #6405
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
docs: fix typo
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Similar is misspelled
- a `to` is missing after Similar
Signed-off-by: Damiano Donati <damiano.donati@gmail.com>
|
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/opencontainers/selinux-1.5.2
Bump github.com/opencontainers/selinux from 1.5.1 to 1.5.2
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](https://github.com/opencontainers/selinux/compare/v1.5.1...v1.5.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
V2 Fix interface nil checks
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix Dockerfile
|
| | |/
| |/|
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
podman-registry: fix lost credentials
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
1) fix lost credentials.
must_pass(), added in #6375, eats the credentials
generated via 'podman run --entrypoint htpasswd'.
Run that podman instance directly, and add explicit
error check.
(The error and stdout/stderr handling here has gotten
cumbersome. There must be something I'm missing that
could make it all simpler.)
2) fix default podman path.
When setting $PODMAN, default to the locally built
one -- there may not be one in $PATH (e.g. in
Ubuntu, see #6366). This in turn requires us to:
3) run registry test in integration, not unit test
It looks like unit tests run before podman is built,
causing a chicken-egg dilemma. Try to solve that by
running the new hack/podman-registry-go test in
integration tests, not unit tests.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| |/ /
|/| | |
[CI:DOCS] Tweak casing in rootless doc
|
|/ /
| |
| |
| |
| |
| |
| | |
I just noticed a few 'podman' references that should be
'Podman' in the rootless doc. This fixes it.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \
| | |
| | | |
Allow to change the generated systemd unit name prefix
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
--container-prefix <string> - default 'container'
Systemd unit name prefix for containers
--pod-prefix <string> - default 'pod'
Systemd unit name prefix for pods
--separator <string> - default '-'
Systemd unit name seperator between name/id and prefix
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \
| | | |
| | | | |
podman-registry helper script: handle errors
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
My initial revision of the podman-registry helper script
was written in haste, with an enormous tradeoff: no
visibility into any errors. We are now paying for this
in #6366: the script is failing on Ubuntu and we
have no way of knowing why.
This PR adds a must_pass() function used for critical
steps. This runs the action silently; if the command
fails, it displays the failing command name with
full output logs, cleans up the temporary workdir,
and exits with error status.
As a reminder, the reason this is necessary is that
our script convention is to output a series of
environment variables to stdout -- we must therefore
take pains not to emit anything else to stdout.
And, unfortunately, podman and openssl tend to be
rather verbose.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
network compatibility endpoints for API
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
add endpoints for networking compatibility with the API.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Turn on Fedora31 testing.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Vendor in latest containers/buildah
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This will take a significant size away from the podman-remote executables.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
Makefile: customizable $REMOTETAGS
|