| Commit message (Collapse) | Author | Age |
|\
| |
| | |
[CI:DOCS] Pin actions to a full length commit SHA
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
>Pin actions to a full length commit SHA
>Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
Also dependabot supports upgrades based on SHA.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
|
|\ \
| | |
| | | |
Updated dependabot to GitHub actions
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Updated dependabot to get updates for GitHub actions.
GitHub sends Dependabot alerts when we detect vulnerabilities affecting your repository
as well as when there are new updates to the dependency.
https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts
A vulnerability is a problem in a project's code that could be exploited to damage the confidentiality, integrity, or availability of the project or other projects that use its code. Vulnerabilities vary in type, severity, and method of attack.
When your code depends on a package that has a security vulnerability, this vulnerable dependency can cause a range of problems for your project or the people who use it.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
|
|\ \
| | |
| | | |
Machine refactor - part 1
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the way machine was written was very adjunct and as such is in dire need
of refactoring to better structures and structure methods where
appropriate. the weekest part is specifically around all the files that
machine requires and how some are just dynamically built on the fly.
this pr defines a new machinefile type which allows us to work with the
file and also takes into account the use of symlinks which are going to
be needed on macos due to its relatively short file length restriction.
also, added unit tests for new methods as well as anywhere else I saw a
need.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| |/ /
|/| | |
network setup: fail if slirp4netns is not installed
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I do not see why we should only log an error. If slirp4netns is
requested but not installed we should error.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fixes errors from 'manifest push' being dropped in remote case
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: John Matthews <jwmatthews@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
libpod, event: generate a valid event on container `rename` operation
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Following commit ensures that podman generates a valid event on `podman
container rename` where event specifies that it is a rename event and
container name swtichted to the latest name.
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Switch all calls to filepath.Walk to filepath.WalkDir
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
WalkDir should be faster the Walk, since we often do
not need to stat files.
[NO NEW TESTS NEEDED] Existing tests should find errors.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
containers/dependabot/go_modules/google.golang.org/protobuf-1.28.0
build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0)
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
[CI:DOCS] clarifying "loginctl enable-linger" section in doc
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Adam Maryniuk <adamaze@gmail.com>
|
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
Vendor c/common for filters
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Added patch provided by rhatdan to add support for shareable
[NO NEW TESTS NEEDED]
Signed-off-by: rvandernoort <s.r.vandernoort@student.tudelft.nl>
|
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
[CI:DOCS]: Update docs for image filters
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
[NO NEW TESTS NEEDED]
Signed-off-by: rvandernoort <s.r.vandernoort@student.tudelft.nl>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Resolves #13629 Add RegistryAuthHeader to manifest push
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Jason Montleon <jmontleo@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Remove error stutter
|
| | |_|_|_|/ /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
When podman gets an error it prints out "Error: " before
printing the error string. If the error message starts with
error, we end up with
Error: error ...
This PR Removes all of these stutters.
logrus.Error() also prints out that this is an error, so no need for the
error stutter.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
containers/dependabot/go_modules/github.com/docker/docker-20.10.14incompatible
build(deps): bump github.com/docker/docker from 20.10.13+incompatible to 20.10.14+incompatible
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.13+incompatible to 20.10.14+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.13...v20.10.14)
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \ \ \ \ \ \
| |_|/ / / / / /
|/| | | | | | | |
Run codespell to cleanup typos
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | |
| | | | | | | |
| | | | | | | | |
containers/dependabot/go_modules/github.com/rootless-containers/rootlesskit-1.0.0
build(deps): bump github.com/rootless-containers/rootlesskit from 0.14.6 to 1.0.0
|
|/ / / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.14.6 to 1.0.0.
- [Release notes](https://github.com/rootless-containers/rootlesskit/releases)
- [Commits](https://github.com/rootless-containers/rootlesskit/compare/v0.14.6...v1.0.0)
---
updated-dependencies:
- dependency-name: github.com/rootless-containers/rootlesskit
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
test: fix podman run test as rootless
|
|/ / / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
aafa80918a245edcbdaceb1191d749570f1872d0 introduced the regression.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Misc typo fixes
|
|/ / / / / / /
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
[CI:DOCS] docs: drop note about upcoming RHEL 7.7
|
|/ / / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
it was released more than two years ago.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Add Context Directory to tar
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
podman build fails on remote build when using a relative context directory.
This is because the context dir was not being added to the tar, so when remote
the compat build function would not be able to stat the contextDir.
resolves #13293
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
When running systemd in a container set container_uuid
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
systemd expects the container_uuid environment variable be set
when it is running in a container.
Fixes: https://github.com/containers/podman/issues/13187
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
podman machine: fix port forwarding with proxy
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
When a user has a http proxy configured the VM will use it. However
since gvproxy can only be reached internally from within the VM the port
forwarding HTTP API call should not be redirected to the proxy.
[NO NEW TESTS NEEDED]
Fixes #13628
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
Bump github.com/prometheus/client_golang to v1.11.1
|
| | |_|_|_|/ / / / /
| |/| | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Resolves: CVE-2022-21698
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
readConmonPipeData: try to improve error
|
| | |/ / / / / / / /
| |/| | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Issue #10927 reports `container create failed (no logs from conmon): EOF`
errors. Since we do not know the root cause it would be helpful to try
to get as much info as possible out of the error.
(buffer).ReadBytes() will return the bytes read even when an error
occurs. So when we get an EOF we could still have some valuable
information in the buffer. Lets try to unmarshal them and if this fails
we add the bytes to the error message.
This does not fix the issue but it might help us getting a better error.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
[CI:DOCS] document that using libpod package directly is not supported
|
| | |_|/ / / / / / /
| |/| | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
We do not support using the libpod package outside of podman. There is
no stable interface which can be used. Instead point users to the API
and go bindings.
Fixes #13086
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|