aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* docs: move userns options to separate fileGiuseppe Scrivano2022-08-30
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* podman: add uid and gid options to keep-idGiuseppe Scrivano2022-08-30
| | | | | | | | | | | | | | | | | | | | add two new options to the keep-id user namespace option: - uid: allow to override the UID used inside the container. - gid: allow to override the GID used inside the container. For example, the following command will map the rootless user (that has UID=0 inside the rootless user namespace) to the UID=11 inside the container user namespace: $ podman run --userns=keep-id:uid=11 --rm -ti fedora cat /proc/self/uid_map 0 1 11 11 0 1 12 12 65525 Closes: https://github.com/containers/podman/issues/15294 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* infra: remove dead codeGiuseppe Scrivano2022-08-30
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #15532 from edsantiago/docs_dedup_httpproxyOpenShift Merge Robot2022-08-30
|\ | | | | [CI:DOCS] Man pages: refactor common options: --http-proxy
| * Man pages: refactor common options: --http-proxyEd Santiago2022-08-29
| | | | | | | | | | | | | | Only between podman-create and -run. (podman-build is too different). I went with the podman-run version. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #15536 from edsantiago/lock_5000OpenShift Merge Robot2022-08-30
|\ \ | | | | | | e2e tests: try to deflake 5000
| * | e2e tests: try to deflake 5000Ed Santiago2022-08-29
|/ / | | | | | | | | | | | | | | We keep getting flakes in tests that use port 5000. Try to find and fix, by switching ports where possible, and locking 5000 when not possible (or not easy) to switch. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #15457 from lsm5/packit-fix-spec-file-actionOpenShift Merge Robot2022-08-29
|\ \ | |/ |/| [CI:BUILD] Packit: Re-introduce packit with fix-spec-file action
| * [CI:BUILD] Packit: Re-introduce packit with fix-spec-file actionLokesh Mandvekar2022-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Any new files installed by new PRs and those present in unreleased versions of Podman will need additional manipulation of the dist-git spec file in the files section to workaround the `installed but unpackaged files` issue. The fix-spec-file packit action is useful for this. The default fix-spec-file action often has trouble guessing the correct version from upstream code, so it would be beneficial to specify the correct upstream version as well. See: https://packit.dev/docs/actions/#fix-spec-file Rename cirrus task: `Test build RPM` to `Test build podman-next Copr RPM` for clarity. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Merge pull request #15528 from edsantiago/docs_dedup_dnsoptOpenShift Merge Robot2022-08-29
|\ \ | | | | | | [CI:DOCS] Man pages: refactor common options: --dns-*
| * | Man pages: refactor common options: --dns-*Ed Santiago2022-08-29
|/ / | | | | | | | | | | | | | | | | | | | | --dns-opt and --dns-search, but only in podman-create and -run. Went with the -run version in both cases; --dns-opt remained unchanged, but in --dns-search I changed 'and' to 'with'. Did not consolidate podman-build or podman-pod-create: too different. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #15481 from edsantiago/test_cleanup_apiv2OpenShift Merge Robot2022-08-29
|\ \ | | | | | | APIv2 test cleanup, part 2 of 2
| * | APIv2 test cleanup, part 2 of 2Ed Santiago2022-08-25
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This finishes the removal of curls and exits. Please please please, everyone, if you see a 'curl' or 'exit' in any new PR, reject the PR and tell me immediately so I can help the developer do it the proper way. Also, removed some very-very-wrong USER/UID code. Both are reserved variables in bash. You cannot override them. Also, added a cleanup to a system-connection test. I wasted a lot of time because my podman-remote stopped working, all because I had run this test as part of something unrelated. Also, found and fixed dangerously-broken timeout code. Implemented a new mechanism for requiring a timeout. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #15516 from kubealex/handle-connected-networkOpenShift Merge Robot2022-08-29
|\ \ | | | | | | Handle an already connected network in libpod API
| * | Fix #15499 already connected networkAlessandro Rossi2022-08-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Compat: Treat already attached networks as a no-op Applies only to containers in created state. Maintain error in running state. Co-authored-by: Alessandro Rossi <al.rossi87@gmail.com> Co-authored-by: Brent Baude <bbaude@redhat.com> Co-authored-by: Jason T. Greene <jason.greene@redhat.com> Signed-off-by: Alessandro Rossi <al.rossi87@gmail.com> Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | | Merge pull request #15500 from dfr/freebsd-terminalOpenShift Merge Robot2022-08-29
|\ \ \ | | | | | | | | pkg/domain: Add terminal support for FreeBSD
| * | | pkg/domain: Add terminal support for FreeBSDDoug Rabson2022-08-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This just moves the code to files which can be shared with freebsd. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | Merge pull request #15504 from lsm5/aws-metaOpenShift Merge Robot2022-08-29
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Cirrus: Update meta-task for EC2 image
| * | | | [CI:DOCS] Cirrus: Update meta-task for EC2 imageLokesh Mandvekar2022-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Copied from: https://github.com/containers/aardvark-dns/pull/207 Fixes: #15502 Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | | Merge pull request #15507 from patrycja-guzik/docs-examplesOpenShift Merge Robot2022-08-27
|\ \ \ \ \ | |_|/ / / |/| | | | [CI:DOCS] Fix example sections to follow the same format
| * | | | Fix example sections to follow the same formatpatrycja-guzik2022-08-27
| | | | | | | | | | | | | | | | | | | | Signed-off-by: patrycja-guzik <patrycja.k.guzik@gmail.com>
* | | | | Merge pull request #15494 from vrothberg/fix-15492OpenShift Merge Robot2022-08-26
|\ \ \ \ \ | |_|/ / / |/| | | | libpod: UpdateContainerStatus: do not wait for container
| * | | | libpod: UpdateContainerStatus: do not wait for containerValentin Rothberg2022-08-26
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 30e7cbccc194 accidentally added a deadlock as Podman was waiting for the exit code to show up when the container transitioned to stopped. Code paths that require the exit code to be written (by the cleanup process) should already be using `(*Container).Wait()` in a deadlock free way. [NO NEW TESTS NEEDED] as I did not manage to a reproducer that would work in CI. Ultimately, it's a race condition. Fixes: #15492 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #15496 from returntrip/patch-2OpenShift Merge Robot2022-08-26
|\ \ \ \ | | | | | | | | | | [CI:DOCS] - Fix: template name inconsistency
| * | | | Fix template name inconsistency Stefano Figura2022-08-26
| | |/ / | |/| | | | | | Signed-off-by: Stefano Figura <stefano@figura.im>
* | | | Merge pull request #15503 from giuseppe/make-move-to-sub-cgroup-non-fatalOpenShift Merge Robot2022-08-26
|\ \ \ \ | | | | | | | | | | service: make move to sub-cgroup non fatal
| * | | | service: make move to sub-cgroup non fatalGiuseppe Scrivano2022-08-26
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | if we are running in a container in the root cgroup, Podman tries to move itself to a sub-cgroup. This could be a problem in a setup where the cgroups are not writeable, so just log a debug message and continue, since anyway it is a best-effort operation. Closes: https://github.com/containers/podman/issues/15498 [NO NEW TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #15495 from ↵OpenShift Merge Robot2022-08-26
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/vbauerster/mpb/v7-7.5.2 Bump github.com/vbauerster/mpb/v7 from 7.4.2 to 7.5.2
| * | | | Bump github.com/vbauerster/mpb/v7 from 7.4.2 to 7.5.2dependabot[bot]2022-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/vbauerster/mpb/v7](https://github.com/vbauerster/mpb) from 7.4.2 to 7.5.2. - [Release notes](https://github.com/vbauerster/mpb/releases) - [Commits](https://github.com/vbauerster/mpb/compare/v7.4.2...v7.5.2) --- updated-dependencies: - dependency-name: github.com/vbauerster/mpb/v7 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #15477 from flouthoc/remote-build-idmappingsOpenShift Merge Robot2022-08-26
|\ \ \ \ \ | |_|/ / / |/| | | | remote,API: fix implementation of build with `--userns=auto` for API and remote use-cases.
| * | | | remote: fix implementation of build with --userns=auto for APIAditya R2022-08-26
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `podman-remote` and Libpod API does not supports build with `--userns=auto` since `IDMappingOptions` were not implemented for API and bindings, following PR implements passing `IDMappingOptions` via bindings to API. Closes: https://github.com/containers/podman/issues/15476 Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #15486 from dfr/freebsd-syslogOpenShift Merge Robot2022-08-26
|\ \ \ \ | |/ / / |/| | | cmd/podman: Enable --syslog on FreeBSD
| * | | cmd/podman: Enable --syslog on FreeBSDDoug Rabson2022-08-26
| |/ / | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | Merge pull request #15482 from edsantiago/docs_dedup_systemdOpenShift Merge Robot2022-08-26
|\ \ \ | | | | | | | | Man pages: refactor common options: --systemd
| * | | Man pages: refactor common options: --systemdEd Santiago2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | I went with the podman-run version, which better conforms to style conventions. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #15474 from umohnani8/gen-kubeDaniel J Walsh2022-08-26
|\ \ \ \ | | | | | | | | | | Remove duplicate annotations in generated service yaml
| * | | | Remove duplicate annotations in generated service yamlUrvashi Mohnani2022-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Don't add the same annotations as the pod yaml to the service yaml as it is not needed. [NO NEW TESTS NEEDED] Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | | Merge pull request #15490 from rhatdan/codespellOpenShift Merge Robot2022-08-26
|\ \ \ \ \ | | | | | | | | | | | | Run codespell
| * | | | | Run codespellDaniel J Walsh2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #15487 from mheon/image_delete_eventOpenShift Merge Robot2022-08-26
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | Compat API image remove events now have 'delete' status
| * | | | | Compat API image remove events now have 'delete' statusMatthew Heon2022-08-25
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change only the compat API, so we don't force a breaking change on Libpod API users. Partial fix for #15485 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #15489 from ashley-cui/makepkgOpenShift Merge Robot2022-08-25
|\ \ \ \ \ | |_|/ / / |/| | | | [CI:DOCS] Automatically set podman version in pkginstaller
| * | | | [CI:DOCS] Automatically set podman version in pkginstallerAshley Cui2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow the pkginstaller makefile target to take advantage of Podman's version binary, alleviating the need to manually set Podman's version (and inevitably forgetting to do so). This means the pkginstaller Makefile will automatically detect what version of Podman we're packaging. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | Merge pull request #15466 from mtrmac/image-trust-sigstoreDaniel J Walsh2022-08-25
|\ \ \ \ \ | |_|/ / / |/| | | | podman image trust overhaul, incl. sigstore
| * | | | Preserve all unknown PolicyRequirement fields on (podman image trust set)Miloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are unmarshaling and re-marshaling JSON, which can _silently_ drop data with the Go design decision.data. Try harder, by using json.RawMessage at least for the data we care about. Alternatively, this could use json.Decoder.DisallowUnknownFields. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | | | Reorganize the types in policy.go a bitMiloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... to go from top to bottom. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | | | Add support for showing keyPaths in (podman image trust show)Miloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | | | Support (image trust show) for sigstoreSigned entriesMiloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sigstoreSigned does not have GPG IDs, so we add N/A in that column. NOTE: this does not show the use-sigstore-attachments value from registries.d. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | | | BREAKING CHANGE: Change how (podman image trust show) represents multiple ↵Miloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | requirements Currently - the output uses the first entry's type, even if the requirements are different (notably signedBy + sigstoreSIgned) - all public keys IDs are collected to a single line, even if some of them are interchangeable, and some are required (e.g. two signedBy requirements could require an image to be signed by (redhatProd OR redhatBeta) AND (vendor1 OR vendor2) So, stop collapsing the requirements, and return a separate entry for each one. Multiple GPG IDs on a single line used to mean AND or OR, now they always mean AND. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | | | Reorganize descriptionsOfPolicyRequirements a bitMiloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do the registries.d lookup once, separately from building an entry, so that we can share it across entries. Also prepare a separate res to allow adding multiple entries. Signed-off-by: Miloslav Trmač <mitr@redhat.com>