summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
| * test: update apply-podman-deltas for new testsAditya R2022-08-09
| | | | | | | | | | | | | | | | | | | | Skip some newly added test for remote and modify error output of a test case which is reporter early in case of podman. [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
| * build: implement --cache-to,--cache-from and --cache-ttlAditya R2022-08-09
| | | | | | | | | | | | | | [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
| * vendor: bump buildah to v1.27.0Aditya R2022-08-09
| | | | | | | | | | | | | | | | Bump buildah to v1.27.0 [NO NEW TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #15214 from ashley-cui/backport4.2OpenShift Merge Robot2022-08-09
|\ \ | | | | | | [4.2] Backport WSL Machine fixes
| * | Fixes #15154 Change order when config and connections are writtenGerard Braad2022-08-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the break out or the WSL environment fails to start, the config and connections should not be written. Placing them at the end of the provisioning step will mitigate the issue. [NO NEW TESTS NEEDED] Signed-off-by: Gerard Braad <me@gbraad.nl>
| * | Add support, and default to rootless w/WSL promptJason T. Greene2022-08-08
| | | | | | | | | | | | | | | | | | Also force installation to use WSL2 to prevent accidental usage of WSL1 Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
| * | Disable F36 service that is incompat with WSL kernJason T. Greene2022-08-08
| | | | | | | | | | | | | | | | | | (requires psi) Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | | Merge pull request #15240 from ↵OpenShift Merge Robot2022-08-09
|\ \ \ | |/ / |/| | | | | | | | openshift-cherrypick-robot/cherry-pick-15235-to-v4.2 [CI:DOCS] [v4.2] pkginstaller: use correct GOARCH value in case of arm build
| * | pkginstaller: use correct GOARCH value in case of arm buildAnjan Nath2022-08-08
| |/ | | | | | | | | | | | | | | | | to compile arm bits the GOARCH should be set to amd64 script was wrongly using aarch64 instead [NO NEW TESTS NEEDED] Signed-off-by: Anjan Nath <kaludios@gmail.com>
* | Merge pull request #15216 from cevich/v4.2_image_searchOpenShift Merge Robot2022-08-08
|\ \ | |/ |/| [v4.2] Cirrus: Improve CI VM image updates for EC2
| * Cirrus: Update DEST_BRANCH to v4.2Chris Evich2022-08-05
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Improve CI VM image updates for EC2Chris Evich2022-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | AWS EC2 keys VM images by an utterly unreadable, horrible to use, generated "AMI ID" value. This is very error prone for humans in practice, since it's impossible to tell one image from the next by eye. Worse, EC2 permits duplicate name-tag values, complicating image specification further. However fortunately, Cirrus-CI recently implemented a feature by which AMI's may be referenced by a name-tag search - choosing the most recent AMI found. Since the `containers/automation_images` build workflow always assigns a unique name + `$IMAGE_SUFFIX` value, we can simply re-use it for both AWS and GCP image specification. In other words as of this commit, specifying new CI VM images can be done by simply updating the `$IMAGE_SUFFIX` value as we've always done. No need to call out a specific AMI ID just for EC2 tasks. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #15202 from lsm5/v420RC3-releaseopenshift-ci[bot]2022-08-05
|\ \ | |/ |/| Bump to v4.2.0-rc3
| * Bump back to v4.2.0-devLokesh Mandvekar2022-08-05
| | | | | | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
| * Bump to v4.2.0-rc3v4.2.0-rc3Lokesh Mandvekar2022-08-05
|/ | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Merge pull request #15201 from lsm5/v420RC3openshift-ci[bot]2022-08-05
|\ | | | | [CI:DOCS] v4.2.0-rc3 release notes
| * v4.2.0-rc3 release notesLokesh Mandvekar2022-08-05
|/ | | | | Co-authored-by: Valentin Rothberg <vrothberg@redhat.com> Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Merge pull request #15194 from ashley-cui/backportsopenshift-ci[bot]2022-08-04
|\ | | | | [CI:DOCS] [4.2] Backport MacOS pkginstaller
| * pkginstaller: use correct GOARCH while building podman binariesAnjan Nath2022-08-04
| | | | | | | | | | | | | | | | | | | | we were not using the correct GOARCH to build the podman remote and podman-mac-helper binaries, this uses the ARCH value passed to the make invocation to set the GORACH [NO NEW TESTS NEEDED] Signed-off-by: Anjan Nath <kaludios@gmail.com>
| * pkginstaller: makefile improvements to avoid redownloadingAnjan Nath2022-08-04
| | | | | | | | | | | | | | | | | | | | this updates downloading of gvproxy and qemu using a standard makefile rule which will avoid downloading them again if its already downloaded [NO NEW TESTS NEEDED] Signed-off-by: Anjan Nath <kaludios@gmail.com>
| * pkginstaller: add makefile target to notarize the built pkgAnjan Nath2022-08-04
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Anjan Nath <kaludios@gmail.com>
| * pkginstaller: sign qemu-system-* binary for the pkgAnjan Nath2022-08-04
| | | | | | | | | | | | | | | | | | add file hvf.entitlements which has the com.apple.security.hypervisor entitlement needed for qemu [NO NEW TESTS NEEDED] Signed-off-by: Anjan Nath <kaludios@gmail.com>
| * Add support for building macOS pkg installerAnjan Nath2022-08-04
|/ | | | | | | | | | | | | | it installs podman and supporting binaries along with qemu to have a functioning podman install using a pkg podman and podman-mac-helper is compiled from source gvproxy binary is downloaded from its github releases and qemu from github release of containers/podman-machine-qemu [NO NEW TESTS NEEDED] Signed-off-by: Anjan Nath <kaludios@gmail.com>
* Merge pull request #15142 from mtrmac/sigstore-sign-4.2openshift-ci[bot]2022-08-02
|\ | | | | [v4.2] Sigstore sign
| * Add support for creating sigstore signatures, and providing passphrasesMiloslav Trmač2022-08-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Allow creating sigstore signatures via --sign-by-sigstore-private-key . Like existing --sign-by, it does not work remote (in this case because we would have to copy the private key to the server). - Allow passing a passphrase (which is mandatory for sigstore private keys) via --sign-passphrase-file; if it is not provided, prompt interactively. - Also, use that passphrase for --sign-by as well, allowing non-interactive GPG use. (But --sign-passphrase-file can only be used with _one of_ --sign-by and --sign-by-sigstore-private-key.) Note that unlike the existing code, (podman build) does not yet implement sigstore (I'm not sure why it needs to, it seems not to push images?) because Buildah does not expose the feature yet. Also, (podman image sign) was not extended to support sigstore. The test for this follows existing (podman image sign) tests and doesn't work rootless; that could be improved by exposing a registries.d override option. The test for push is getting large; I didn't want to start yet another registry container, but that would be an alternative. In the future, Ginkgo's Ordered/BeforeAll would allow starting a registry once and using it for two tests. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Hide podman manifest push --sign-by on remoteMiloslav Trmač2022-08-02
| | | | | | | | | | | | ... because it is documented to be ignored. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Use signByFlagName instead of copy&pasting the stringMiloslav Trmač2022-08-02
| | | | | | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Remove libpod/commonMiloslav Trmač2022-08-02
| | | | | | | | | | | | AFAICS it is not used anywhere. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Update c/common to an unreleased versionMiloslav Trmač2022-08-02
| | | | | | | | | | | | ... to get https://github.com/containers/common/pull/1106 . Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Update the registry server we test against from 2.6 to 2.8Miloslav Trmač2022-08-02
| | | | | | | | | | | | | | | | | | | | | | | | | | ... primarily so that it can support OCI artifacts. 2.8 already seems to exist in the repo. This requires changing WaitContainerReady to also check stderr (ultimately because docker/distribution was updated to a more recent sirupsen/logrus, which logs by default to stderr instead of stdout). Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Use existing REGISTRY_IMAGE variables in more placesMiloslav Trmač2022-08-02
| | | | | | | | | | | | | | | | | | ... instead of hard-coding a copy of the value. Notably this makes hack/podman_registry actually support the documented -i option. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * Use httpasswd from the surrouding OS instead of the registry imageMiloslav Trmač2022-08-02
| | | | | | | | | | | | | | | | | | | | | | htpasswd is no longer included in docker.io/library/distribution after 2.7.0, per https://github.com/docker/distribution-library-image/issues/107 , and we want to upgrade to a recent version. At least system tests currently execute htpasswd from the OS, so it seems that it is likely to be available. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * fix e2e sign testsValentin Rothberg2022-08-02
|/ | | | | | | The key used in the tests has expired. Remove the expiration date to turn CI happy and green. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #15076 from mheon/bump_420_rc2OpenShift Merge Robot2022-07-27
|\ | | | | Bump to v4.2.0-RC2
| * Final v4.2.0-RC2 release notesMatthew Heon2022-07-27
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Skip one failing test on UbuntuMatthew Heon2022-07-27
| | | | | | | | | | | | | | | | Probably a result of the Ubuntu images being bumped on Main but not in this branch. Not worth chasing down exactly what's going wrong, so let's just disable it. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix incorrect release note about regexpMatthew Heon2022-07-26
| | | | | | | | | | | | | | Label matching did not use regular expressions, it used glob matching. Let's fix the release notes to prevent confusion. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Bump to v4.2.0-devMatthew Heon2022-07-26
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Bump to v4.2.0-RC2v4.2.0-rc2Matthew Heon2022-07-26
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Final release notes for v4.2.0-RC2Matthew Heon2022-07-26
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * [CI:DOCS] podman-generate-systemd.1.md: document --sdnotifyErik Sjölund2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * Document why the default value for --sdnotify is overridden. Some was included text from https://github.com/containers/podman/issues/15029#issuecomment-1192244755 * Document that --sdnotify=ignore is overridden. Fixes #15029 Co-authored-by: Valentin Rothberg <vrothberg@redhat.com> Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
| * pod create --share none should not create infraCharlie Doern2022-07-26
| | | | | | | | | | | | | | | | | | | | | | for podman pod create, when we are not sharing any namespaces there is no point for the infra container. This is especially true since resources have also been decoupled from the container recently. handle this on the cmd level so that we can still create infra if set explicitly resolves #15048 Signed-off-by: Charlie Doern <cdoern@redhat.com>
| * machine: Fix check which is always trueChristophe Fergeau2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before making / mutable/immutable, podman-machine checks if the mount is being done in /home or /mnt. However the current check is always going to be true: ``` !strings.HasPrefix(mount.Target, "/home") || !strings.HasPrefix(mount.Target, "/mnt") ``` is false when mount.Target starts with "/home" and mount.Target starts with "/mnt", which cannot happen at the same time. The correct check is: ``` !strings.HasPrefix(mount.Target, "/home") && !strings.HasPrefix(mount.Target, "/mnt") ``` which can also be written as: ``` !(strings.HasPrefix(mount.Target, "/home") || strings.HasPrefix(mount.Target, "/mnt")) ``` The impact is not too bad, it results in extra 'chattr -i' calls which should be unneeded. [NO NEW TESTS NEEDED] Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
| * Set TLSVerify=true by default for API endpointsVladimir Kochnev2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Option defaults in API must be the same as in CLI. ``` % podman image push --help % podman image pull --help % podman manifest push --help % podman image search --help ``` All of these CLI commands them have --tls-verify=true by default: ``` --tls-verify require HTTPS and verify certificates when accessing the registry (default true) ``` As for `podman image build`, it doesn't have any means to control `tlsVerify` parameter but it must be true by default. Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
| * Semiperiodoc cleanup of obsolete FIXMEsEd Santiago2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some refer to issues that are closed. Remove them. Some are runc bugs that will never be fixed. Say so, and remove the FIXME. One (bps/iops) should probably be fixed. File an issue for it, and update comment to include the issue# so my find-obsolete-skips script can track it. And one (rootless mount with a "kernel bug?" comment) is still not fixed. Leave the skip, but add a comment documenting the symptom. Signed-off-by: Ed Santiago <santiago@redhat.com>
| * benchmarks: fix create testValentin Rothberg2022-07-26
| | | | | | | | | | | | And a new one for `run --detach`. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
| * integration test: fix network backend option with remotePaul Holzinger2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | I honestly do not understand all this extra option parsing here but there is really no reason to exclude the option for remote, all the other global options are also set there. This fixes a problem with mixed cni/netavark use because the option was unset. Fixes #15017 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * docs: remove CNI word where it is not applicablePaul Holzinger2022-07-26
| | | | | | | | | | | | | | | | | | | | Most network commands/features work with both netavark and CNI. When we added added netavark most docs were not vetted and thus still use CNI network, it should just say network. Fixes #14990 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * libpod: do not lock all containers on pod rmGiuseppe Scrivano2022-07-26
| | | | | | | | | | | | | | | | | | | | | | | | do not attempt to lock all containers on pod rm since it can cause deadlocks when other podman cleanup processes are attempting to lock the same containers in a different order. [NO NEW TESTS NEEDED] Closes: https://github.com/containers/podman/issues/14929 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * container wait: improve error messageValentin Rothberg2022-07-26
| | | | | | | | | | | | | | | | | | | | Improve the error message when looking up the exit code of a container. The state of the container may help us track down #14859 which flakes rarely and is impossible to reproduce on my machine. [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>