summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6380 from mheon/fix_mount_readonlyOpenShift Merge Robot2020-05-29
|\ | | | | Add support for `readonly` option to --mount
| * Add support for `readonly` option to --mountMatthew Heon2020-05-26
| | | | | | | | | | | | | | | | | | This is just an alias to the `ro` option, but it's already in the manpages (and Docker) so we might as well add support for it. Fixes #6379 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6429 from ↵OpenShift Merge Robot2020-05-29
|\ \ | | | | | | | | | | | | containers/dependabot/go_modules/github.com/stretchr/testify-1.6.0 Bump github.com/stretchr/testify from 1.5.1 to 1.6.0
| * | Bump github.com/stretchr/testify from 1.5.1 to 1.6.0dependabot-preview[bot]2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.5.1 to 1.6.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.5.1...v1.6.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6419 from mheon/signal_parse_windowsOpenShift Merge Robot2020-05-29
|\ \ \ | | | | | | | | Ensure that signal names can be parsed on Windows
| * | | Ensure that signal names can be parsed on WindowsMatthew Heon2020-05-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To ensure the Windows and OS X remote clients can properly parse container stop signal (when given as a name e.g. SIGTERM) and set it in SpecGen, we need access to a list of Linux signal names and the numbers they map to that is available on non-Linux OSes. Fortunately, these are ABI constants that are extremely unlikely to change, so we can just take the existing constant definitions from the library and use them. The signal numbers used here are sourced from AMD64, but should be the same for every architecture that is not Alpha, SPARC, MIPS, and PA-RISC. So `podman run --stop-signal SIGTTOU` from a Windows client to a Podman service on a SPARC host will set an incorrect stop signal, but I don't think this is a large problem. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #6423 from rhatdan/VENDOROpenShift Merge Robot2020-05-29
|\ \ \ \ | |_|/ / |/| | | Vendor in containers/common v0.12.0
| * | | Vendor in containers/common v0.12.0Daniel J Walsh2020-05-28
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6420 from jwhonce/wip/jsonOpenShift Merge Robot2020-05-28
|\ \ \ \ | |/ / / |/| | | V2 verify JSON output is consistent and doesn't drift
| * | | V2 verify JSON output is consistent and doesn't driftJhon Honce2020-05-28
|/ / / | | | | | | | | | | | | | | | | | | $ cd test/apiv2 $ python -m unittest -v test_rest_v1_0_0.TestApi Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #6416 from vrothberg/fix-ps-lastOpenShift Merge Robot2020-05-28
|\ \ \ | | | | | | | | fix `ps --last=N`
| * | | fix `ps --last=N`Valentin Rothberg2020-05-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix `ps --last=N` to also include non-running containers. Also add an e2e test to prevent us from regressing in the future. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #6391 from ↵OpenShift Merge Robot2020-05-28
|\ \ \ \ | |/ / / |/| | | | | | | | | | | chuanchang/add_test_for_image_history_and_exporting test.apiv2: add testing for displaying image history and exporting image
| * | | test.apiv2: add testing for image and deal with API returning binaryAlex Jia2020-05-28
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add testing for displaying image history and exporting image Deal with API returning binary (Content-Type =~ 'octet'). When so, set $output to the output of 'file'. Bug fix: in 't' helper, declare loop var $i as local to avoid contaminating caller Signed-off-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
* | | Merge pull request #6410 from haircommander/fix-segfaultOpenShift Merge Robot2020-05-27
|\ \ \ | | | | | | | | specgen: fix segfault
| * | | specgen: fix segfaultPeter Hunt2020-05-27
| | | | | | | | | | | | | | | | | | | | | | | | we should not access the devices without checking if the resources are there Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | Merge pull request #6407 from baude/v2eventsstreamOpenShift Merge Robot2020-05-27
|\ \ \ \ | |/ / / |/| | | Add streaming ability to endpoint
| * | | Add streaming ability to endpointBrent Baude2020-05-27
| | | | | | | | | | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #6398 from rhatdan/32bitOpenShift Merge Robot2020-05-27
|\ \ \ \ | | | | | | | | | | Fix builds on 32 Arches.
| * | | | Fix builds on 32 bit archesDaniel J Walsh2020-05-27
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #6403 from vrothberg/push-swaggerOpenShift Merge Robot2020-05-27
|\ \ \ \ \ | |_|/ / / |/| | | | v2 libpod push: correct docs
| * | | | v2 libpod push: correct docsValentin Rothberg2020-05-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The swagger documentation for the libpod push endpoint were not in sync with the implementation. Correct these docs to reflect the parameters that are actually supported. Fixes: #6388 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #6372 from boaz0/gh_6283OpenShift Merge Robot2020-05-27
|\ \ \ \ \ | |_|/ / / |/| | | | Add --format to pod inspect
| * | | | Add --format to pod inspectBoaz Shuster2020-05-27
| | |_|/ | |/| | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | Merge pull request #6406 from vrothberg/stats-raceOpenShift Merge Robot2020-05-27
|\ \ \ \ | | | | | | | | | | container stats: fix --no-stream race
| * | | | container stats: fix --no-stream raceValentin Rothberg2020-05-27
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a race in `podman container stats` by waiting for the client to consume the data in the channel. This requires a `sync.WaitGroup` (or semaphore) in the client and to also close the channel the backend. Fixes: #6405 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #6396 from damdo/docs-fix-typoOpenShift Merge Robot2020-05-26
|\ \ \ \ | |_|_|/ |/| | | docs: fix typo
| * | | docs: fix typoDamiano Donati2020-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Similar is misspelled - a `to` is missing after Similar Signed-off-by: Damiano Donati <damiano.donati@gmail.com>
* | | | Merge pull request #6385 from ↵OpenShift Merge Robot2020-05-26
|\ \ \ \ | |/ / / |/| | | | | | | | | | | containers/dependabot/go_modules/github.com/opencontainers/selinux-1.5.2 Bump github.com/opencontainers/selinux from 1.5.1 to 1.5.2
| * | | Bump github.com/opencontainers/selinux from 1.5.1 to 1.5.2dependabot-preview[bot]2020-05-26
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.5.1 to 1.5.2. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.5.1...v1.5.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6363 from jwhonce/wip/attachOpenShift Merge Robot2020-05-26
|\ \ \ | |_|/ |/| | V2 Fix interface nil checks
| * | V2 Fix interface nil checksJhon Honce2020-05-26
| | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #6393 from rhatdan/dockerfileOpenShift Merge Robot2020-05-26
|\ \ \ | | | | | | | | Fix Dockerfile
| * | | Fix DockerfileDaniel J Walsh2020-05-26
| | |/ | |/| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6390 from edsantiago/registry_show_errorsOpenShift Merge Robot2020-05-26
|\ \ \ | | | | | | | | podman-registry: fix lost credentials
| * | | podman-registry: many unrelated fixesEd Santiago2020-05-26
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) fix lost credentials. must_pass(), added in #6375, eats the credentials generated via 'podman run --entrypoint htpasswd'. Run that podman instance directly, and add explicit error check. (The error and stdout/stderr handling here has gotten cumbersome. There must be something I'm missing that could make it all simpler.) 2) fix default podman path. When setting $PODMAN, default to the locally built one -- there may not be one in $PATH (e.g. in Ubuntu, see #6366). This in turn requires us to: 3) run registry test in integration, not unit test It looks like unit tests run before podman is built, causing a chicken-egg dilemma. Try to solve that by running the new hack/podman-registry-go test in integration tests, not unit tests. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6394 from TomSweeneyRedHat/dev/tsweeney/uppercaseOpenShift Merge Robot2020-05-26
|\ \ \ | |/ / |/| | [CI:DOCS] Tweak casing in rootless doc
| * | [CI:DOCS] Tweak casing in rootless docTomSweeneyRedHat2020-05-26
|/ / | | | | | | | | | | | | I just noticed a few 'podman' references that should be 'Podman' in the rootless doc. This fixes it. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #6321 from Luap99/podman-generate-systemd-unit-prefixOpenShift Merge Robot2020-05-25
|\ \ | | | | | | Allow to change the generated systemd unit name prefix
| * | Added new flags to 'podman generate systemd' to change the unit name prefixLuap992020-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | --container-prefix <string> - default 'container' Systemd unit name prefix for containers --pod-prefix <string> - default 'pod' Systemd unit name prefix for pods --separator <string> - default '-' Systemd unit name seperator between name/id and prefix Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #6375 from edsantiago/registry_show_errorsOpenShift Merge Robot2020-05-25
|\ \ \ | | | | | | | | podman-registry helper script: handle errors
| * | | podman-registry helper script: handle errorsEd Santiago2020-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | My initial revision of the podman-registry helper script was written in haste, with an enormous tradeoff: no visibility into any errors. We are now paying for this in #6366: the script is failing on Ubuntu and we have no way of knowing why. This PR adds a must_pass() function used for critical steps. This runs the action silently; if the command fails, it displays the failing command name with full output logs, cleans up the temporary workdir, and exits with error status. As a reminder, the reason this is necessary is that our script convention is to output a series of environment variables to stdout -- we must therefore take pains not to emit anything else to stdout. And, unfortunately, podman and openssl tend to be rather verbose. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #6238 from baude/v2compatnetOpenShift Merge Robot2020-05-25
|\ \ \ \ | | | | | | | | | | network compatibility endpoints for API
| * | | | network compatibility endpoints for APIBrent Baude2020-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add endpoints for networking compatibility with the API. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #6359 from rhatdan/build4OpenShift Merge Robot2020-05-25
|\ \ \ \ \ | | | | | | | | | | | | Turn on Fedora31 testing.
| * | | | | Turn on Fedora testingDaniel J Walsh2020-05-23
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #6367 from rhatdan/VENDOROpenShift Merge Robot2020-05-25
|\ \ \ \ \ \ | | | | | | | | | | | | | | Vendor in latest containers/buildah
| * | | | | | Vendor in latest containers/buildahDaniel J Walsh2020-05-23
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This will take a significant size away from the podman-remote executables. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #6373 from lsm5/Makefile-custom-REMOTETAGSOpenShift Merge Robot2020-05-25
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Makefile: customizable $REMOTETAGS