| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
Bump buildah to v1.27.0
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |\
| |
| | |
[4.2] Backport WSL Machine fixes
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When the break out or the WSL environment fails to start, the config
and connections should not be written. Placing them at the end of the
provisioning step will mitigate the issue.
[NO NEW TESTS NEEDED]
Signed-off-by: Gerard Braad <me@gbraad.nl>
|
| | |
| |
| |
| |
| |
| | |
Also force installation to use WSL2 to prevent accidental usage of WSL1
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
(requires psi)
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |\ \
| |/
|/|
| |
| | |
openshift-cherrypick-robot/cherry-pick-15235-to-v4.2
[CI:DOCS] [v4.2] pkginstaller: use correct GOARCH value in case of arm build
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
to compile arm bits the GOARCH should be set to amd64 script
was wrongly using aarch64 instead
[NO NEW TESTS NEEDED]
Signed-off-by: Anjan Nath <kaludios@gmail.com>
|
| |\ \
| |/
|/| |
[v4.2] Cirrus: Improve CI VM image updates for EC2
|
| | |
| |
| |
| | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
AWS EC2 keys VM images by an utterly unreadable, horrible to use,
generated "AMI ID" value. This is very error prone for humans in
practice, since it's impossible to tell one image from the next by
eye. Worse, EC2 permits duplicate name-tag values, complicating
image specification further.
However fortunately, Cirrus-CI recently implemented a feature by
which AMI's may be referenced by a name-tag search - choosing
the most recent AMI found. Since the `containers/automation_images`
build workflow always assigns a unique name + `$IMAGE_SUFFIX` value,
we can simply re-use it for both AWS and GCP image specification.
In other words as of this commit, specifying new CI VM images can
be done by simply updating the `$IMAGE_SUFFIX` value as we've always
done. No need to call out a specific AMI ID just for EC2 tasks.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \
| |/
|/| |
Bump to v4.2.0-rc3
|
| | |
| |
| |
| | |
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |/
|
|
| |
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\
| |
| | |
[CI:DOCS] v4.2.0-rc3 release notes
|
| |/
|
|
|
| |
Co-authored-by: Valentin Rothberg <vrothberg@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\
| |
| | |
[CI:DOCS] [4.2] Backport MacOS pkginstaller
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
we were not using the correct GOARCH to build the podman remote
and podman-mac-helper binaries, this uses the ARCH value passed
to the make invocation to set the GORACH
[NO NEW TESTS NEEDED]
Signed-off-by: Anjan Nath <kaludios@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
this updates downloading of gvproxy and qemu using a standard
makefile rule which will avoid downloading them again if its
already downloaded
[NO NEW TESTS NEEDED]
Signed-off-by: Anjan Nath <kaludios@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Anjan Nath <kaludios@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
add file hvf.entitlements which has the com.apple.security.hypervisor
entitlement needed for qemu
[NO NEW TESTS NEEDED]
Signed-off-by: Anjan Nath <kaludios@gmail.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
it installs podman and supporting binaries along with
qemu to have a functioning podman install using a pkg
podman and podman-mac-helper is compiled from source
gvproxy binary is downloaded from its github releases
and qemu from github release of containers/podman-machine-qemu
[NO NEW TESTS NEEDED]
Signed-off-by: Anjan Nath <kaludios@gmail.com>
|
| |\
| |
| | |
[v4.2] Sigstore sign
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Allow creating sigstore signatures via --sign-by-sigstore-private-key .
Like existing --sign-by, it does not work remote (in this case
because we would have to copy the private key to the server).
- Allow passing a passphrase (which is mandatory for sigstore private keys)
via --sign-passphrase-file; if it is not provided, prompt interactively.
- Also, use that passphrase for --sign-by as well, allowing non-interactive
GPG use. (But --sign-passphrase-file can only be used with _one of_
--sign-by and --sign-by-sigstore-private-key.)
Note that unlike the existing code, (podman build) does not yet
implement sigstore (I'm not sure why it needs to, it seems not to
push images?) because Buildah does not expose the feature yet.
Also, (podman image sign) was not extended to support sigstore.
The test for this follows existing (podman image sign) tests
and doesn't work rootless; that could be improved by exposing
a registries.d override option.
The test for push is getting large; I didn't want to
start yet another registry container, but that would be an
alternative. In the future, Ginkgo's Ordered/BeforeAll
would allow starting a registry once and using it for two
tests.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
... because it is documented to be ignored.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
AFAICS it is not used anywhere.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
... to get https://github.com/containers/common/pull/1106 .
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
... primarily so that it can support OCI artifacts.
2.8 already seems to exist in the repo.
This requires changing WaitContainerReady to also check
stderr (ultimately because docker/distribution was
updated to a more recent sirupsen/logrus, which logs
by default to stderr instead of stdout).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
... instead of hard-coding a copy of the value.
Notably this makes hack/podman_registry actually
support the documented -i option.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
htpasswd is no longer included in docker.io/library/distribution
after 2.7.0, per https://github.com/docker/distribution-library-image/issues/107 ,
and we want to upgrade to a recent version.
At least system tests currently execute htpasswd from the OS,
so it seems that it is likely to be available.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |/
|
|
|
|
|
| |
The key used in the tests has expired. Remove the expiration date to
turn CI happy and green.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\
| |
| | |
Bump to v4.2.0-RC2
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Probably a result of the Ubuntu images being bumped on Main but
not in this branch. Not worth chasing down exactly what's going
wrong, so let's just disable it.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| | |
Label matching did not use regular expressions, it used glob
matching. Let's fix the release notes to prevent confusion.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Document why the default value for --sdnotify is overridden.
Some was included text from
https://github.com/containers/podman/issues/15029#issuecomment-1192244755
* Document that --sdnotify=ignore is overridden.
Fixes #15029
Co-authored-by: Valentin Rothberg <vrothberg@redhat.com>
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
for podman pod create, when we are not sharing any namespaces there is no point for the infra container.
This is especially true since resources have also been decoupled from the container recently.
handle this on the cmd level so that we can still create infra if set explicitly
resolves #15048
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Before making / mutable/immutable, podman-machine checks if the mount is
being done in /home or /mnt. However the current check is always going
to be true:
```
!strings.HasPrefix(mount.Target, "/home") || !strings.HasPrefix(mount.Target, "/mnt")
```
is false when mount.Target starts with "/home" and mount.Target starts
with "/mnt", which cannot happen at the same time.
The correct check is:
```
!strings.HasPrefix(mount.Target, "/home") && !strings.HasPrefix(mount.Target, "/mnt")
```
which can also be written as:
```
!(strings.HasPrefix(mount.Target, "/home") || strings.HasPrefix(mount.Target, "/mnt"))
```
The impact is not too bad, it results in extra 'chattr -i' calls which
should be unneeded.
[NO NEW TESTS NEEDED]
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Option defaults in API must be the same as in CLI.
```
% podman image push --help
% podman image pull --help
% podman manifest push --help
% podman image search --help
```
All of these CLI commands them have --tls-verify=true by default:
```
--tls-verify require HTTPS and verify certificates when accessing the registry (default true)
```
As for `podman image build`, it doesn't have any means to control
`tlsVerify` parameter but it must be true by default.
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some refer to issues that are closed. Remove them.
Some are runc bugs that will never be fixed. Say so, and remove
the FIXME.
One (bps/iops) should probably be fixed. File an issue for it, and
update comment to include the issue# so my find-obsolete-skips script
can track it.
And one (rootless mount with a "kernel bug?" comment) is still
not fixed. Leave the skip, but add a comment documenting the symptom.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
And a new one for `run --detach`.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I honestly do not understand all this extra option parsing here but
there is really no reason to exclude the option for remote, all the
other global options are also set there.
This fixes a problem with mixed cni/netavark use because the option was
unset.
Fixes #15017
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Most network commands/features work with both netavark and CNI. When
we added added netavark most docs were not vetted and thus still use CNI
network, it should just say network.
Fixes #14990
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
do not attempt to lock all containers on pod rm since it can cause
deadlocks when other podman cleanup processes are attempting to lock
the same containers in a different order.
[NO NEW TESTS NEEDED]
Closes: https://github.com/containers/podman/issues/14929
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Improve the error message when looking up the exit code of a container.
The state of the container may help us track down #14859 which flakes
rarely and is impossible to reproduce on my machine.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman-remote has a dependency on $(SRCBINDIR), because on
Mac and Windows that's a special dir that may not exist.
But depending on a directory means depending on its mtime,
which changes every time a file in it is updated, which
means running 'make' twice in a row will rebuild podman-remote
for no good reason.
Solution: GNU Make has the concept of "order-only" prerequisites,
precisely for this situation. Use it. Since it's an obscure
feature, document it.
UPDATE: This exposed some nasty duplication wrt podman-remote rules.
Clean those up, and add comments to some confusing sections.
Fixes: #14756
(Also, drive-by edit to remove a stray misdocumented non-option)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure containers created via API have the correct umask from
containers.conf set.
Fixes #15036
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
