| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
All callers hard-code a header value, so this is actually shorter.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... which can be called independently.
For now, there are no new callers, to test that the behavior
has not changed.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
All callers hard-code a header value, so this is actually shorter.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... which can be called independently.
For now, there are no new callers, to test that the behavior
has not changed.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This shares the code, and makes getConfigCredentials
and getAuthCredentials side-effect free and possibly easier to test.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We'll share even more code here in the future.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... and have GetCredentials pass the values down to
getConfigCredentials and getAuthCredentials.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It's possibly a bit more expensive, but semantically safer
because it does header normalization.
And we'll regain the cost by not looking up the value repeatedly.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use separate lines, and use the provided .String() API.
Should not change behaivor.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Both have a single caller, so there's no point in looking up
the header value twice.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In the "no input" case, return a constant instead of
continuing with the decode/convert path, converting empty data.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Don't create a single-element map only for the only caller
to laboriously extract an element of that map; just return
a single entry.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Almost every caller is using it only to wrap an error
in exactly the same way, so move that error context into GetCredentials
and simplify the users.
(The one other caller, build, was even wrapping the error incorrectly
talking about query parameters; so let it use the same text as the others.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... to refer to auth file keys instead of servers and the like.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... as an end-to-end unit test of the header creation/parsing
code.
Leave the docker.io and docker.io/vendor test cases commented out,
because they are currently failing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Just a single function that handles all of Header,
headerConfig and headerAuth; we will split that later.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Remove the created temporary file.
Use more appropriate assertion calls.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also rename it to parseSingleAuthHeader
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also rename it to parseMultiAuthHeader.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Fix CI
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
crun should be available in f35.
[ NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
Support volume bind mounts for rootless containers
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix handling of "bind" and "tmpfs" olumes to actually work.
Allow bind, tmpfs local volumes to work in rootless mode.
Also removed the string "error" from all error messages that begine with it.
All Podman commands are printed with Error:, so this causes an ugly
stutter.
Fixes: https://github.com/containers/podman/issues/12013
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
[CI:DOCS] correct typo words in docs
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | | |
"for creating a container" appears for networks and volumes
Signed-off-by: David Marshall <dmarshall@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Change Tests to ignore missing containers when removing --all
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fixes: https://github.com/containers/podman/issues/12740
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Pod Security Option support and Infra Inheritance changes
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Added support for pod security options. These are applied to infra and passed down to the
containers as added (unless overridden).
Modified the inheritance process from infra, creating a new function Inherit() which reads the config, and marshals the compatible options into an intermediate struct `InfraInherit`
This is then unmarshaled into a container config and all of this is added to the CtrCreateOptions. Removes the need (mostly) for special additons which complicate the Container_create
code and pod creation.
resolves #12173
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Avoid RemoteSocket collisions in e2e tests
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
- It probably doesn't actually make a difference: in experiments,
the github.com/containers/storage/pkg/stringid RNG initialization
has been happening later
- This makes the RNG caller-controlled (which we don't benefit from),
but also the same on all nodes of multi-process Ginkgo execution.
So, if it works at all, it may make collisions of random ID values
more likely, and our tests are not robust against that. So don't
go out of our way to make collisions more likely.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Add lock files and re-generate the UUID if we
are not a known-unique user of the socket path.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Separate the code that determines the directory and file prefix
from the code that chooses and applies a UUID; we will make the
second part more complex in a bit.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | | |
podman image scp never enter podman user NS
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Podman image scp should never enter the Podman UserNS unless it needs to. This allows for
a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo,
the simple sudo podman save/load does not work, machinectl/su is necessary here.
This modification allows for both rootful and rootless transfers, and an overall change of scp to be
more of a wrapper function for different load and save calls as well as the ssh component
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Fix test flake in test/e2e/pod_initcontainers
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Commit 3c3fa6fac4d0f8e8 added a few test cases for the init containers.
The "podman ensure always init containers always run" implicitly assumes
that restarting a pod will take more than 1 second. When this assumption
is not met (because computers are fast!), we get a flake.
The fix (without using sleep) is to print nanoseconds in date output.
This format option (%N) is not supported by date in Alpine Linux, so
switch to Fedora.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
| |/ / / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Commit e1443fe05d146def6 added a test case that ran "date +%N" inside
a Fedora container (without actually using its output).
Commit ccc5bc167fa2c140 changed that test case to use Alpine. Problem
is, %N is not supported by date in Alpine (it only prints a newline).
To eliminate the ambiguity, replace date with touch.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Fix Container List API call to return mount info
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
We are hard coding mounts to return nil in compat API,
since we have the data, we should return it.
Fixes: https://github.com/containers/podman/issues/12734
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \ \ \ \ \
| |_|_|_|_|/ / /
|/| | | | | | | |
legacy events: also set Action="die"
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
For Status = "die", Docker sets the exit code of the container
to a field "exitCode". Podman uses "containerExitCode".
Copy the value into "exitCode" as well, for compatibility.
Signed-off-by: Leah Neukirchen <leah@vuxu.org>
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Since #10168, on the event "died", the Status is set to "die"
for compatibility with the Docker API. Docker also sets
the field Action to "died", so do the same here.
Signed-off-by: Leah Neukirchen <leah@vuxu.org>
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
ignition: add `certs` from current user into the machine while `init`
|
| | | |_|_|_|/ / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Following PR ensures that certs from `~/.config/containers/certs.d` or `~/.config/docker/certs.d`
are copied into the remote machine at `/etc/containers/certs.d/`
As a result on platforms like `macOS` where podman works with a remote
machine setup. User's local certs must be transferd to VM without any
plumbing needed by user.
[NO-NEW-TESTS-NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |\ \ \ \ \ \ \ \
| |_|_|/ / / / /
|/| | | | | | | |
[CI:DOCS] Fix wrong 'podman search --format' placeholder
|
| |/ / / / / / /
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Pavel Dostál <pdostal@suse.cz>
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
add --ip6 flag to podman create/run
|
| | | |_|_|/ / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Add the --ipv6 flag to podman create/run and pod create. We support the
--network name:ip6=<ip> syntax now but for docker compat we should also
support the --ip6 flag.
Note that there is no validation if the ip is actually a v6 or v4 address
because the backend does not care either.
Fixes #7511
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
