| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
| |
Fixes https://github.com/containers/podman/issues/15049
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.11 to 0.1.12.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.1.11...v0.1.12)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow the cleanup process (and others) to transition the container from
`stopping` to `exited`. This fixes a race condition detected in #14859
where the cleanup process kicks in _before_ the stopping process can
read the exit file. Prior to this fix, the cleanup process left the
container in the `stopping` state and removed the conmon files, such
that the stopping process also left the container in this state as it
could not read the exit files. Hence, `podman wait` timed out (see the
23 seconds execution time of the test [1]) due to the unexpected/invalid
state and the test failed.
Further turn the warning during stop to a debug message since it's a
natural race due to the daemonless/concurrent architecture and nothing
to worry about.
[NO NEW TESTS NEEDED] since we can only monitor if #14859 continues
flaking or not.
[1] https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/6210434704343040/html/sys-remote-fedora-36-rootless-host.log.html#t--00205
Fixes: #14859
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This bug is reproduced when we execute the following command:
1. podman manifest add <manifest list> <images exist on local storage>
2. podman manifest push --rm <manifest list> dir:<directory>
If pushing succeeds, it is expected to remove only a manifest list.
However, manifest list remains on local storage and images are removed.
This commit fixes `podman manifest push --rm` to remove only a manifest list.
And, supports `manifest push --rm option` in remote environment,
like host environment.
Fixes: https://github.com/containers/podman/issues/15033
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |
|
|
|
|
|
|
| |
If there is a match for both container and image, we restore the container.
Fixes: https://github.com/containers/podman/issues/15055
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This Patch will cause podman COMMAND rm --force bogus not fail
This is how Docker works, so Podman should follow this to allow existing
scripts to convert from Docker to Podman.
Fixes: #14612
Oprignal version of this patch came from wufan 1991849113@qq.com
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Skip some newly added test for remote and modify error output of a test
case which is reporter early in case of podman.
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |
|
|
|
|
|
| |
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |
|
|
|
|
|
|
| |
Bump buildah to v1.27.0
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |\
| |
| | |
[4.2] Backport WSL Machine fixes
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When the break out or the WSL environment fails to start, the config
and connections should not be written. Placing them at the end of the
provisioning step will mitigate the issue.
[NO NEW TESTS NEEDED]
Signed-off-by: Gerard Braad <me@gbraad.nl>
|
| | |
| |
| |
| |
| |
| | |
Also force installation to use WSL2 to prevent accidental usage of WSL1
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
(requires psi)
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |\ \
| |/
|/|
| |
| | |
openshift-cherrypick-robot/cherry-pick-15235-to-v4.2
[CI:DOCS] [v4.2] pkginstaller: use correct GOARCH value in case of arm build
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
to compile arm bits the GOARCH should be set to amd64 script
was wrongly using aarch64 instead
[NO NEW TESTS NEEDED]
Signed-off-by: Anjan Nath <kaludios@gmail.com>
|
| |\ \
| |/
|/| |
[v4.2] Cirrus: Improve CI VM image updates for EC2
|
| | |
| |
| |
| | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
AWS EC2 keys VM images by an utterly unreadable, horrible to use,
generated "AMI ID" value. This is very error prone for humans in
practice, since it's impossible to tell one image from the next by
eye. Worse, EC2 permits duplicate name-tag values, complicating
image specification further.
However fortunately, Cirrus-CI recently implemented a feature by
which AMI's may be referenced by a name-tag search - choosing
the most recent AMI found. Since the `containers/automation_images`
build workflow always assigns a unique name + `$IMAGE_SUFFIX` value,
we can simply re-use it for both AWS and GCP image specification.
In other words as of this commit, specifying new CI VM images can
be done by simply updating the `$IMAGE_SUFFIX` value as we've always
done. No need to call out a specific AMI ID just for EC2 tasks.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \
| |/
|/| |
Bump to v4.2.0-rc3
|
| | |
| |
| |
| | |
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |/
|
|
| |
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\
| |
| | |
[CI:DOCS] v4.2.0-rc3 release notes
|
| |/
|
|
|
| |
Co-authored-by: Valentin Rothberg <vrothberg@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\
| |
| | |
[CI:DOCS] [4.2] Backport MacOS pkginstaller
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
we were not using the correct GOARCH to build the podman remote
and podman-mac-helper binaries, this uses the ARCH value passed
to the make invocation to set the GORACH
[NO NEW TESTS NEEDED]
Signed-off-by: Anjan Nath <kaludios@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
this updates downloading of gvproxy and qemu using a standard
makefile rule which will avoid downloading them again if its
already downloaded
[NO NEW TESTS NEEDED]
Signed-off-by: Anjan Nath <kaludios@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Anjan Nath <kaludios@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
add file hvf.entitlements which has the com.apple.security.hypervisor
entitlement needed for qemu
[NO NEW TESTS NEEDED]
Signed-off-by: Anjan Nath <kaludios@gmail.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
it installs podman and supporting binaries along with
qemu to have a functioning podman install using a pkg
podman and podman-mac-helper is compiled from source
gvproxy binary is downloaded from its github releases
and qemu from github release of containers/podman-machine-qemu
[NO NEW TESTS NEEDED]
Signed-off-by: Anjan Nath <kaludios@gmail.com>
|
| |\
| |
| | |
[v4.2] Sigstore sign
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Allow creating sigstore signatures via --sign-by-sigstore-private-key .
Like existing --sign-by, it does not work remote (in this case
because we would have to copy the private key to the server).
- Allow passing a passphrase (which is mandatory for sigstore private keys)
via --sign-passphrase-file; if it is not provided, prompt interactively.
- Also, use that passphrase for --sign-by as well, allowing non-interactive
GPG use. (But --sign-passphrase-file can only be used with _one of_
--sign-by and --sign-by-sigstore-private-key.)
Note that unlike the existing code, (podman build) does not yet
implement sigstore (I'm not sure why it needs to, it seems not to
push images?) because Buildah does not expose the feature yet.
Also, (podman image sign) was not extended to support sigstore.
The test for this follows existing (podman image sign) tests
and doesn't work rootless; that could be improved by exposing
a registries.d override option.
The test for push is getting large; I didn't want to
start yet another registry container, but that would be an
alternative. In the future, Ginkgo's Ordered/BeforeAll
would allow starting a registry once and using it for two
tests.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
... because it is documented to be ignored.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
AFAICS it is not used anywhere.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
... to get https://github.com/containers/common/pull/1106 .
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
... primarily so that it can support OCI artifacts.
2.8 already seems to exist in the repo.
This requires changing WaitContainerReady to also check
stderr (ultimately because docker/distribution was
updated to a more recent sirupsen/logrus, which logs
by default to stderr instead of stdout).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
... instead of hard-coding a copy of the value.
Notably this makes hack/podman_registry actually
support the documented -i option.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
htpasswd is no longer included in docker.io/library/distribution
after 2.7.0, per https://github.com/docker/distribution-library-image/issues/107 ,
and we want to upgrade to a recent version.
At least system tests currently execute htpasswd from the OS,
so it seems that it is likely to be available.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |/
|
|
|
|
|
| |
The key used in the tests has expired. Remove the expiration date to
turn CI happy and green.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\
| |
| | |
Bump to v4.2.0-RC2
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Probably a result of the Ubuntu images being bumped on Main but
not in this branch. Not worth chasing down exactly what's going
wrong, so let's just disable it.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| | |
Label matching did not use regular expressions, it used glob
matching. Let's fix the release notes to prevent confusion.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Document why the default value for --sdnotify is overridden.
Some was included text from
https://github.com/containers/podman/issues/15029#issuecomment-1192244755
* Document that --sdnotify=ignore is overridden.
Fixes #15029
Co-authored-by: Valentin Rothberg <vrothberg@redhat.com>
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
for podman pod create, when we are not sharing any namespaces there is no point for the infra container.
This is especially true since resources have also been decoupled from the container recently.
handle this on the cmd level so that we can still create infra if set explicitly
resolves #15048
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Before making / mutable/immutable, podman-machine checks if the mount is
being done in /home or /mnt. However the current check is always going
to be true:
```
!strings.HasPrefix(mount.Target, "/home") || !strings.HasPrefix(mount.Target, "/mnt")
```
is false when mount.Target starts with "/home" and mount.Target starts
with "/mnt", which cannot happen at the same time.
The correct check is:
```
!strings.HasPrefix(mount.Target, "/home") && !strings.HasPrefix(mount.Target, "/mnt")
```
which can also be written as:
```
!(strings.HasPrefix(mount.Target, "/home") || strings.HasPrefix(mount.Target, "/mnt"))
```
The impact is not too bad, it results in extra 'chattr -i' calls which
should be unneeded.
[NO NEW TESTS NEEDED]
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Option defaults in API must be the same as in CLI.
```
% podman image push --help
% podman image pull --help
% podman manifest push --help
% podman image search --help
```
All of these CLI commands them have --tls-verify=true by default:
```
--tls-verify require HTTPS and verify certificates when accessing the registry (default true)
```
As for `podman image build`, it doesn't have any means to control
`tlsVerify` parameter but it must be true by default.
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
|
