summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #14435 from cevich/makefile_emptyOpenShift Merge Robot2022-06-02
|\ | | | | Makefile: Handle unexpected empty var. values
| * Makefile: Handle unexpected empty var. valuesChris Evich2022-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #14021 Substitution values built from `$(shell ...)` output can easily be empty due to the shell's default `pipefail` behavior. This can also hide non-zero exit codes, similarly resulting in empty values being set. While not a perfect fix, the situation is improved by using the `err_if_empty` function in all cases where empty values would be unexpected. Remove the definitions for `GIT_BRANCH` and `GIT_BRANCH_CLEAN` which don't seem to actually be used anywhere (including in code). Add a simple release-test to verify `podman info` outputs a non-empty value for "GitCommit". Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #14384 from mheon/move_attachOpenShift Merge Robot2022-06-02
|\ \ | | | | | | Move Attach under the OCI Runtime interface
| * | Move Attach under the OCI Runtime interfaceMatthew Heon2022-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With conmon-rs on the horizon, we need to disentangle Libpod from legacy Conmon to the greatest extent possible. There are definitely opportunities for codesharing between the two, but we have to assume the implementations will be largely disjoint given the different architectures. Fortunately, most of the work has already been done in the past. The conmon-managed OCI runtime mostly sits behind an interface, with a few exceptions - the most notable of those being attach. This PR thus moves Attach behind the interface, to ensure that we can have attach implementations that don't use our existing unix socket streaming if necessary. Still to-do is conmon cleanup. There's a lot of code that removes Conmon-specific files, or kills the Conmon PID, and all of it will need to be refactored behind the interface. [NO NEW TESTS NEEDED] Just moving some things around. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #14457 from Luap99/completion4OpenShift Merge Robot2022-06-02
|\ \ \ | | | | | | | | shell completion for paths inside the image/container
| * | | shell completion for paths inside the image/containerPaul Holzinger2022-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add shell completion for paths inside the container or image. Currently podman run IMAGE [TAB] only uses the default shell completion which suggests paths on the host. This is fine for some cases but often the user wants a path which only exists in the image/container. This commits adds support for that. Both podman create/run can now complete the paths from the image, podman cp ctr:... now completes paths from the actual container. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #14451 from PhrozenByte/bugfix/docs-publishOpenShift Merge Robot2022-06-02
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Document protocol usage for --publish
| * | | | Document protocol usage for --publishDaniel Rudolf2022-06-02
| | |_|/ | |/| | | | | | | | | | | | | | | | | | This also unifies the documentation of `--publish` for `podman create`, `podman run`, and `podman pod create`. Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* | | | Merge pull request #14301 from rhatdan/volumeOpenShift Merge Robot2022-06-02
|\ \ \ \ | | | | | | | | | | Support setting image_volume_mode in containers.conf
| * | | | Support setting image_volume_mode in containers.confDaniel J Walsh2022-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/14230 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #14436 from Luap99/net-remote-defaultOpenShift Merge Robot2022-06-02
|\ \ \ \ \ | |_|_|/ / |/| | | | pkg/specgen: parse default network mode on server
| * | | | pkg/specgen: parse default network mode on serverPaul Holzinger2022-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When podman-remote is used we should not resolve the default network mode on the client. Defaults should be set on the server. In this case this is important because we have different defaults for root/rootless. So when the client is rootless and the server is root we must pick the root default. Note that this already worked when --network was set since we did not parsed the flag in this case. To reproduce you need --network=default. Also removed a unused function. [NO NEW TESTS NEEDED] I tested it manually but I am not sure how I can hook a test like this up in CI. The client would need to run as rootless and the server as root or the other way around. Fixes #14368 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #14395 from vrothberg/healthcheck-fixOpenShift Merge Robot2022-06-02
|\ \ \ \ \ | | | | | | | | | | | | healthcheck: wait for systemd operations
| * | | | | healthcheck: wait for systemd operationsValentin Rothberg2022-05-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure to wait for the systemd operations to finish when starting/stopping healtcheck timers and services. Also make sure to stop the timer before the service to avoid a race with the timer. [NO NEW TESTS NEEDED] since it is a non-functional change and existing tests are expected to pass. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | | Merge pull request #14344 from cdoern/podCreateOpenShift Merge Robot2022-06-02
|\ \ \ \ \ \ | | | | | | | | | | | | | | podman pod create --uidmap patch
| * | | | | | podman pod create --uidmap patchcdoern2022-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podmans remote API does not marshal infra's spec due to the fact that if it did, all of those options would be available to the users on the command line. This means we need to manually map "backwards" some container spec items -> pod spec items before calling PodCreate, this was one of them that was forgotten resolves #14233 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | | | Merge pull request #14421 from Luap99/statsOpenShift Merge Robot2022-06-02
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | podman stats: work with network connect/disconnect
| * | | | | | | podman stats: work with network connect/disconnectPaul Holzinger2022-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hardcoding the interface name is a bad idea. We have no control over the actual interface name since the user can change it. The correct thing is to read them from the network status. Since the contianer can have more than one interface we have to add the RX/TX values. The other values are currently not used. For podman 5.0 we should change it so that the API can return the statistics per interface and the client should sum the TX/RX for the command output. This is what docker is doing. Fixes #13824 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | | Merge pull request #14417 from Luap99/machine-sshOpenShift Merge Robot2022-06-02
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | podman machine ssh: set correct exit code
| * | | | | | | | podman machine ssh: do not print warning everytimePaul Holzinger2022-05-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currenlty this ssh warning is printed everytime: `Warning: Permanently added '[localhost]:33915' (ED25519) to the list of known hosts.` Since this is very anoying and makes it harder to capture the actual command output we should silence this. With log level error we will only see the important messages from ssh. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | | | | podman machine ssh: set correct exit codePaul Holzinger2022-05-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Forward the ssh exit code to the podman caller. This is useful for scripts. Use the same logic as podman unshare. Fixes #14401 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | | | | fix bad import path for cmd/podman/utilsPaul Holzinger2022-05-30
| |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Libpod or packages under /pkg should never import from /cmd/... This will quickly result in import cycles and weird code paths. Also there is no reason to use this special code we can just use syscall.SIGHUB as SIGNAL. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | | Merge pull request #14448 from baude/issue14231OpenShift Merge Robot2022-06-02
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | expose podman.sock in machine inspect
| * | | | | | | | expose podman.sock in machine inspectBrent Baude2022-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For consumers of the podman.sock who want a predictable way to find the podman sock, we now include it under 'ConnectionConfig' in podman machine inspect. Fixes: #14231 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | | | | | Merge pull request #14446 from andrin55/podman-restart-service-shutdown-fixOpenShift Merge Robot2022-06-02
|\ \ \ \ \ \ \ \ \ | |_|_|_|_|_|_|/ / |/| | | | | | | | podman-restart.service: Add ExecStop and dependencies to fix shutdown
| * | | | | | | | Add ExecStop and dependencies to fix shutdownAndrin Brunner2022-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Andrin Brunner <andrin@acloud.one>
* | | | | | | | | Merge pull request #14439 from jakecorrenti/remove-hardcoded-imageStream-lineOpenShift Merge Robot2022-06-01
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Removed `imageStream` hardcoded value
| * | | | | | | | | Removed `imageStream` hardcoded valueJake Correnti2022-06-01
| | |/ / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Removed `imageStream` hardcoded value that was set to testing. Since podman4 is in the fcos trees, it should be removed. The respective comments have also been removed. Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | | | | | | | Merge pull request #14443 from Luap99/tail-logs-flakeOpenShift Merge Robot2022-06-01
|\ \ \ \ \ \ \ \ \ | |/ / / / / / / / |/| | | | | | | | fix "tail 800 lines: journald" flake
| * | | | | | | | fix "tail 800 lines: journald" flakePaul Holzinger2022-06-01
| |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The test calls podman run -d followed by podman logs. There is no guarantee the the container or conmon has written all its output. Adding an extra podman wait should fix this. Do not remove the -d to not print 1000 unnecessary lines in the logs. Fixes #14362 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | | Merge pull request #14444 from Luap99/remote-static-linuxDaniel J Walsh2022-06-01
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | | Makefile: force podman-remote-static to linux
| * | | | | | | Makefile: force podman-remote-static to linuxPaul Holzinger2022-06-01
|/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some of the targets overwrite $GOOS. Since podman-remote-static should always build for linux we can force linux GOOS here. Fixes #14201 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | Merge pull request #14424 from lsm5/gopkg-in-yaml-bumpOpenShift Merge Robot2022-06-01
|\ \ \ \ \ \ \ | |_|_|_|/ / / |/| | | | | | Bump gopkg.in/yaml.v3 to v3.0.1
| * | | | | | Bump gopkg.in/yaml.v3 to v3.0.1Lokesh Mandvekar2022-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | v3.0.1 resolves GHSA-hp87-p4gw-j4gq - CVE-2022-28948. While podman doesn't appear to be vulnerable to the CVE as the concerned code isn't being called, this update should silence a dependabot alert. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | | | | Merge pull request #14433 from Luap99/restore-netOpenShift Merge Robot2022-05-31
|\ \ \ \ \ \ \ | |/ / / / / / |/| | | | | | fix podman container restore without CreateNetNS
| * | | | | | fix podman container restore without CreateNetNSPaul Holzinger2022-05-31
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container does not use the default podman netns, for example --network none or --network ns:/path a restore would fail because the specgen check validates that c.config.StaticMAC is nil but the unmarshaller sets it to an empty slice. While we could make the check use len() > 0 I feel like it is more common to check with != nil for ip and mac addresses. Adding omitempty tag makes the json marshal/unmarshal work correctly. This should not cause any issues. Fixes #14389 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #14419 from Luap99/volume-importOpenShift Merge Robot2022-05-31
|\ \ \ \ \ \ | | | | | | | | | | | | | | podman volume export/import: give better error
| * | | | | | podman volume export/import: give better errorPaul Holzinger2022-05-30
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the volume does not exist we should output an error stating so and not some generic one. Fixes #14411 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #14415 from nicrowe00/14133OpenShift Merge Robot2022-05-31
|\ \ \ \ \ \ | |/ / / / / |/| | | | | no-new-privileges format
| * | | | | Podman no-new-privileges formatNiall Crowe2022-05-30
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In docker, the format of no-new-privileges is "no-new-privileges:true". However, for Podman all that's required is "no-new-privileges", leading to issues when attempting to use features desgined for docker in podman. Adding support for the ":" format to be used along with the "=" format, depedning on which one is entered by the user. fixes #14133 Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* | | | | Merge pull request #14383 from jwhonce/wip/info_todoOpenShift Merge Robot2022-05-27
|\ \ \ \ \ | | | | | | | | | | | | Add Authorization field to Plugins for Info
| * | | | | Refactor populating uptimeJhon Honce2022-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refactor populating uptime field to use standard library parsing and math for populating the hour, minute, seconds fields. Note: the go-humanize package does not cover time.Duration just time.time. ```release-note NONE ``` [NO NEW TESTS NEEDED] Signed-off-by: Jhon Honce <jhonce@redhat.com>
| * | | | | Add Authorixation field to Plugins for InfoJhon Honce2022-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Authorization field lists the plugins for granting access to the Docker daemon. This field will always be nil for Podman as there is no daemon. The field is included for compatibility. ```release-note NONE ``` [NO NEW TESTS NEEDED] Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | Merge pull request #14393 from jwhonce/wip/archive_todoOpenShift Merge Robot2022-05-27
|\ \ \ \ \ \ | | | | | | | | | | | | | | Add API support for NoOverwriteDirNonDir
| * | | | | | Add API support for NoOverwriteDirNonDirJhon Honce2022-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update method signatures and structs to pass option to buildah code ```release-note NONE ``` [NO NEW TESTS NEEDED] Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | | Merge pull request #14320 from flouthoc/build-honor-squash-and-layersOpenShift Merge Robot2022-05-27
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | build: allow using `cache` explicitly with `--squash-all` using `--layers`
| * | | | | | | vendor: bump buildah to v1.26.1-0.20220524184833-5500333c2e06Aditya R2022-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump buildah to v1.26.1-0.20220524184833-5500333c2e06 Signed-off-by: Aditya R <arajan@redhat.com>
| * | | | | | | build: allow using cache explicitly with --squash-all using --layersAditya R2022-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Buildah already supports using `--layers` with `--squash` after https://github.com/containers/buildah/pull/3674 if user wants to do so hence podman must honor similar configuration in `--squash-all` behaviour if user wants to using cache. PS: We cannot alter behaviour of `podman build --squash` for docker-compat reasons hence this feature can be easily supported by `--squash-all`. Closes: https://github.com/containers/buildah/issues/4011 Signed-off-by: Aditya R <arajan@redhat.com>
| * | | | | | | cmd, build: remove redundant squash processing logicAditya R2022-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Same block contains similar lines above this is not needed as this looks redundant. [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | | | | Merge pull request #14387 from TomSweeneyRedHat/dev/tsweeney/quickdocOpenShift Merge Robot2022-05-27
|\ \ \ \ \ \ \ \ | |_|/ / / / / / |/| | | | | | | [CI:DOCS] Quick typo for troubleshooting