summaryrefslogtreecommitdiff
path: root/Makefile
Commit message (Collapse)AuthorAge
* [makefile] disable security labeling instead of using --privilegedDan Čermák2022-08-29
| | | | | | | | | | | | $(CURDIR) is mounted in podman as is which causes issues on systems with SELinux as then the container cannot read or write anything inside /src/. This has been worked around with the --privileged flag, but that's a rather brutal solution. Adding :Z is also suboptimal, as that requires a full relabeling after every run. Instead, we disable security labeling via `--security-opt label=disable` for this development container allowing us to run `make vendor-in-container` unprivileged. Signed-off-by: Dan Čermák <dcermak@suse.com>
* Run codespellDaniel J Walsh2022-08-25
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Install podman-docker.conf on user-tmpfiles.d tooSeongChan Lee2022-08-24
| | | | | | | | | `systemd-tmpfiles` reads "user" configurations in `/usr/share/user-tmpfiles.d` when `--user` mode is set. User unit `systemd-tmpfiles-setup.service` can be enabled to alias rootless socket through systemd-tmpfiles. Signed-off-by: SeongChan Lee <foriequal@gmail.com>
* Refactor common options in man pagesEd Santiago2022-08-03
| | | | | | | | | | | | | | podman-create and -run have many options in common. To date, these are copy-pasted and haphazardly maintained. Solution: add an include mechanism, '@@option foo', such that multiple md source files can fetch from one common file. This is a Phase One commit, a very small subset of what's possible. Purpose of this commit is ease of review. If this passes review, much more (trickier stuff) will be forthcoming. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #14719 from cevich/use_preinstalled_batsOpenShift Merge Robot2022-07-28
|\ | | | | Cirrus: Use pre-installed bats
| * Remove bats installation script and make targetChris Evich2022-07-28
| | | | | | | | | | | | | | | | | | | | While convenient, it can be problematic to rely on a Makefile to install software. This was found to be the case across multiple environments WRT `bats`. Fix this by removing the install script and target. A future commit will ensure the correct version of `bats` is present in all CI environments where it's required. Signed-off-by: Chris Evich <cevich@redhat.com>
* | CI: new check for leftover skips/fixmesEd Santiago2022-07-28
|/ | | | | | | If a PR says "Fixes #123", make sure it removes skips and/or FIXME comments that reference issue 123. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #14957 from edsantiago/dont_remake_remoteOpenShift Merge Robot2022-07-22
|\ | | | | Makefile: use order-only prereq for podman-remote
| * Makefile: use order-only prereq for podman-remoteEd Santiago2022-07-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-remote has a dependency on $(SRCBINDIR), because on Mac and Windows that's a special dir that may not exist. But depending on a directory means depending on its mtime, which changes every time a file in it is updated, which means running 'make' twice in a row will rebuild podman-remote for no good reason. Solution: GNU Make has the concept of "order-only" prerequisites, precisely for this situation. Use it. Since it's an obscure feature, document it. UPDATE: This exposed some nasty duplication wrt podman-remote rules. Clean those up, and add comments to some confusing sections. Fixes: #14756 (Also, drive-by edit to remove a stray misdocumented non-option) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Makefile: remove building pages for man5Aditya R2022-07-20
| | | | | | | | | | | | | | [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* | makefile: remove processing of pkg/docsAditya R2022-07-20
|/ | | | | | | | | Since no pkg now containers this path [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* Run codespellDaniel J Walsh2022-07-18
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Cirrus: Add podman-machine integration testChris Evich2022-07-01
| | | | | | | | | | | | | | | | | | | | | | | The podman-machine integration tests are designed to execute on bare-metal, since they perform significant work with virtual-machines. This test is costly to run at scale, so it is limited to being manually triggered by developers (for now). A 'trigger' button will appear in the task status page of the Github WebUI once all test dependencies are met. In the Cirrus-CI WebUI, there is also a 'pre-trigger' button that may be pressed if a developer doesn't wish to wait. Also: * Add a `localmachine` target in the `Makefile` on the off-chance developers wish to execute locally. Update the `ginkgo-run` target to accommodate re-use by the new `localmachine` target. * Exclude `podman_machine` task from `success` dependency verification. This also involves adding an exception to `cirrus_yaml_test.py` otherwise it will complain loudly. * ***NOTE*** Inclusion of `ec2_instance` in *any* task will cause `hack/get_ci_vm.sh` to barf and be non-functional. Future updates will be made to restore functionality. Before then, simply comment out the `ec2_instance` section as a temporarily workaround. Signed-off-by: Chris Evich <cevich@redhat.com>
* podman-play-kube template: rename to podman-kubeValentin Rothberg2022-06-30
| | | | | | | | With the upcoming plans of introducing a podman-kube command with various subcommands, rename the podman-play-kube systemd template to podman-kube before releasing it. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Makefile: don't try to build rootlessport on FreeBSDDoug Rabson2022-06-28
| | | | | | | | | | | Rootless containers are not possible on FreeBSD. While I would like to close that gap, getting the necessary changes into the FreeBSD kernel is a long term project so until then, this removes the rootlessport helper from the build on FreeBSD. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* Makefile: don't use '-t' to specify the directory to install manpagesDoug Rabson2022-06-28
| | | | | | | | | | | | | | | This option doesn't exist on freebsd or macos' install utility. In this case, we can use the 'install file1 file2 ... dir' pattern which is supported by all implementations of install that I'm aware of. The makefile rule already creates the target directory so there is no ambiguity. No new tests are needed here since the same files are being installed in the same places. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* Makefile: use GNU sed to convert manpages on FreeBSDDoug Rabson2022-06-28
| | | | | | | | | | | | | The sed implementation on FreeBSD has a strict interpretation of posix 'basic' regular expressions. It would be better to re-implement this using 'extended' regular expressions but for now, just use GNU sed. This should have no functional difference on currently supported platforms. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* Makefile: use bash to evaluate tool pathsDoug Rabson2022-06-28
| | | | | | | | | | | | | | | The makefile uses the pattern $(shell command -v path1 path2 ...) to deduce pathnames for various executables. On FreeBSD, the default shell does have a 'command' builtin which supports the '-v' option but only allows a single path as argument. Rather than work around this limitation with alternatives like for, just set bash as the default shell. We already require bash to be installed for various helper scripts. This change only affects FreeBSD so no new tests are needed. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* test/testvol: rework testvol binaryPaul Holzinger2022-06-23
| | | | | | | | | | | | | | | | | | Add 4 new subcommands to the testvol binary, instead of just serving the volume api it now also can create/list/remove plugins. This is required to test new functionality where volumes are create outside of podman in the plugin. Podman should then be able to pick up the new volumes. The new testvol commands are: - serve: serve the podman api like the the testvol command before - create: create a volume with the given name - list: list all volume names - remove: remove the volume with the given name Also make a small update to the testvol Containerfile so that it can build correctly. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* test/testvol: update container image golang to 1.18Paul Holzinger2022-06-23
| | | | | | | | | | | Update the golang verion for the testvol image to the latest version 1.18. This requires us to build with GO111MODULE=off. Use the FQDN to prevent the shortnames prompt. Also add --network none to the podman build command to make sure we are only using the copied deps and nothing else. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* test/testvol: move Containerfile into testvol dirPaul Holzinger2022-06-23
| | | | | | | | | | | I think it is confusion to have this Containerfile in the repo root. It is used for the tests only so we should move it into the same dir. Also adapt the Makefile target to use the new path and add the current date as tag instead of using latest which can break CI easily when we have to update the image. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* golangci-lint: update to v1.46.2Paul Holzinger2022-06-15
| | | | | | | | | | | | Update to the latest golangci-lint version. v1.46 added new linters. I disabled nonamedreturns and exhaustruct since they enforce a certain code style and using them would require big changes to the code base. The nosprintfhostport is new and I fixed one problem in the tests. While the test itself is fine because it uses ipv4 only the linter still looks good because the sprintf use will fail for ipv6 addresses. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Makefile: Handle unexpected empty var. valuesChris Evich2022-06-01
| | | | | | | | | | | | | | | | | | Fixes #14021 Substitution values built from `$(shell ...)` output can easily be empty due to the shell's default `pipefail` behavior. This can also hide non-zero exit codes, similarly resulting in empty values being set. While not a perfect fix, the situation is improved by using the `err_if_empty` function in all cases where empty values would be unexpected. Remove the definitions for `GIT_BRANCH` and `GIT_BRANCH_CLEAN` which don't seem to actually be used anywhere (including in code). Add a simple release-test to verify `podman info` outputs a non-empty value for "GitCommit". Signed-off-by: Chris Evich <cevich@redhat.com>
* Makefile: force podman-remote-static to linuxPaul Holzinger2022-06-01
| | | | | | | | | Some of the targets overwrite $GOOS. Since podman-remote-static should always build for linux we can force linux GOOS here. Fixes #14201 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #13870 from kolyshkin/makefile-cleanupsOpenShift Merge Robot2022-05-19
|\ | | | | Makefile: simplify for modern Go
| * Remove GO111MODULES useKir Kolyshkin2022-05-17
| | | | | | | | | | | | Using it is no longer needed. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * Makefile: rm gofmt targetKir Kolyshkin2022-05-17
| | | | | | | | | | | | | | It is superceded by golangci-lint, which has gofmt as one of the linters. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * Makefile: rm CHANGELOG_* and ISODATE varsKir Kolyshkin2022-05-17
| | | | | | | | | | | | | | Those are not used since commit 0d1ba0a58fdb15af7e. Fixes: 0d1ba0a58fdb15af7 Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * Makefile: rm -mod=vendorKir Kolyshkin2022-05-17
| | | | | | | | | | | | | | "go build" no longer requires explicit "-mod=vendor", as this is the default since go 1.14. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * Move GOPROXY from Makefile to cirrus.ymlKir Kolyshkin2022-05-17
| | | | | | | | | | | | | | | | | | | | | | GOPROXY's default value is "https://proxy.golang.org,direct" since go 1.13, so it is redundant to set it explicitly. For some reason though, GOPROXY in Cirrus CI is set to direct, which makes things such as go mod tidy very slow. So, set the proper (default) value for in in .cirrus.yml. Do the same for GOSUMDB. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * Makefile, podman.spec.rpkg: rm GOBIN and GOPATHKir Kolyshkin2022-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove GOPATH setting as since Go 1.9 it defaults to $HOME/go (for earlier versions it had to be specified explicitly). Remove GOPATH-related code from the spec, using relative paths when compiling packages, and enable Go modules, simplifying the spec. Remove support for multiple paths in GOPATH (which is rarely used and doesn't really work with modules). Remove setting GOBIN, rely on $GOPATH/bin instead. In case GOBIN is explicitly set (which is highly unlikely), forcefully ignore by unsetting it. Remove GOBIN from tools invocation since we added GOPATH/bin to PATH. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * Makefile,.gitignore: rm .install.goimportsKir Kolyshkin2022-05-17
| | | | | | | | | | | | | | | | Recent commit 3b9177995e0124beb064ef8615ba9a2ae7ca4f4b removes this target, but some artifacts remain. Remove those. Fixes: 3b9177995e0124beb064ef8615ba9a2ae7ca4f4b Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * Makefile: rm .gopathokKir Kolyshkin2022-05-17
| | | | | | | | | | | | | | | | | | | | Since about Go 1.10 (or whereabouts) the specific package structure is no longer required. This also removes GOPKGDIR and GOPKGBASEDIR as they were only used by gopathok. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * Makefile: rm .install.libseccomp.sudo targetKir Kolyshkin2022-05-17
| | | | | | | | | | | | | | | | | | | | | | | | This was originally added in commit a824186ac9803ef to be used from Travis CI. Travis was removed in commit 8771a03af1f17f and there is no need to have this target ever since (October 2018). Also, remove the comment about BUILD_TAGS, which originally belonged to varlink target (removed by commit f62a356515e387b0) but got misplaced later. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* | k8systemd: run k8s workloads in systemdValentin Rothberg2022-05-17
|/ | | | | | | | | | | | | | | | | | | | Support running `podman play kube` in systemd by exploiting the previously added "service containers". During `play kube`, a service container is started before all the pods and containers, and is stopped last. The service container communicates its conmon PID via sdnotify. Add a new systemd template to dispatch such k8s workloads. The argument of the template is the path to the k8s file. Note that the path must be escaped for systemd not to bark: Let's assume we have a `top.yaml` file in the home directory: ``` $ escaped=$(systemd-escape ~/top.yaml) $ systemctl --user start podman-play-kube@$escaped.service ``` Closes: https://issues.redhat.com/browse/RUN-1287 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Fix broken pwdEd Santiago2022-05-12
| | | | | | Broken in #14191, merged unintentionally Signed-off-by: Ed Santiago <santiago@redhat.com>
* [CI:DOCS] fix `make localbenchmarks`Valentin Rothberg2022-05-11
| | | | | | | | Since `./hack` has been removed from the Makefile's path, add it back for `make localbenchmarks` to make `podman-registry` binary available for running local registries. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Cirrus: Fix Makefile including 'hack' in $PATHChris Evich2022-05-10
| | | | | | | | This path should never, ever, ever be included in `$PATH` as it is almost guaranteed to cause serious and non-obvious breakage in CI. Fix it and include a warning comment. Signed-off-by: Chris Evich <cevich@redhat.com>
* exclude new tools vendor dir from validatePaul Holzinger2022-05-04
| | | | | | We have no control over the code in the vendored files. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* vendor test tools in submodulePaul Holzinger2022-05-04
| | | | | | | | | | Instead of using the main module we should vendor the test tools in a different directory. That way we do not add extra dependencies to the main module which can be problemetic for packages or other users. This is already done in buildah so this makes us more consitent. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* vendor test dependencies instead of installing via networkPaul Holzinger2022-05-03
| | | | | | | | | | | | | We can vendor the test dependencies such as go-md2man, git-validation and goimports. This allows us to always install the same version as specified in go.mod. Also we do not rely on a network connection for this. The advantage with this method is that dependabot will also update the dependencies for us and we do not have to hardcode versions in the Makefile. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* CI: emergency fix for broken go getPaul Holzinger2022-05-02
| | | | | | | | | | go get is deprecated, we should use go install instead. Also for some reason go get -u golang.org/x/tools/cmd/goimports is broken at the moment, thus failing CI jobs where we have to install this. Switching to go install seems to fix it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* benchmarks: add more image benchmarksValentin Rothberg2022-04-26
| | | | | | | | Add more benchmarks for the most common and performance-critical image commands. Benchmarks for `podman build` should go into a separate section. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Add podman machine test suiteBrent Baude2022-04-25
| | | | | | | | | | | | | This PR introduces a test suite for podman machine. It can currently be run on developers' local machines and is not part of the official CI testing; however, the expectation is that any work on machine should come with an accompanying test. At present, the test must be run on Linux. It is untested on Darwin. There is no Makefile target for the test. It can be run like `ginkgo -v pkg/machine/test/.`. It should be run as a unprivileged user. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Increase verbosity and sequencing of APIv2 testingChris Evich2022-04-22
| | | | | | | | | | | The default verbosity level does not show the classes or function names. This makes it difficult to debug problems like hangs. Also, separate the bats and python-based tests into two sections. This allows for easier debugging, since isolation can be done in `runner.sh` rather than mucking with the `Makefile`. Lastly, update the logformatter script to `autoflush stdout` (thanks @edsantiago). Signed-off-by: Chris Evich <cevich@redhat.com>
* enable staticcheck linterPaul Holzinger2022-04-22
| | | | | | | Fix many problems reported by the staticcheck linter, including many real bugs! Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* benchmarking Podman: proof of conceptValentin Rothberg2022-04-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a proof of concept for benchmarking Podman. The benchmarks are implemented by means of the end-to-end test suite but hidden behind a `benchmarks` build tag. Running `make localbenchmarks` will run `test/e2e` with the specific build tag and set ginkgo's "focus" to the specific "Podman Benchmark Suite" to only run this spec and skip all others. ginkgo will print a report before terminating listing the CPU and memory stats for each benchmark. New benchmarks can easily be added via the `newBenchmark` function that also supports adding an `init()` function to each benchmark which allows for performing certain setups for the specific benchmark. For instance, benchmarking `podman start` requires creating a container beforehand. Podman may be called more than once in the main function of a benchmark but note that the displayed memory consumption is then a sum of all Podman invocations. The memory consumption is collected via `/usr/bin/time`. A benchmark's report is split into CPU and memory as displayed below: ``` [CPU] podman images: Fastest Time: 0.146s Slowest Time: 0.187s Average Time: 0.180s ± 0.015s [MEM] podman images: Smallest: 41892.0KB Largest: 42792.0KB Average: 42380.7KB ± 286.4KB ``` Note that the benchmarks are not wired into the CI yet. They are meant as a proof of concept. More benchmarks and the plumbing into CI will happen in a later change. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #13602 from edsantiago/size_check_part2OpenShift Merge Robot2022-03-24
|\ | | | | Binary growth check, part 2 of 2
| * Binary growth check, part 2 of 2Ed Santiago2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a CI check to prevent unwanted bloat in binary images, by building a baseline (pre-PR) binary then comparing file sizes post-PR. Part 1 (#13518) added a new script that runs multiple 'make's, comparing image sizes against an original, and failing loudly if growth is too big. An override mechanism is defined. This is part 2 of 2: adding the CI rule. We couldn't do that in part 1, because the rule would call a script that didn't exist in the pre-PR commit. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Remove nix packages, since no one is supporting thisDaniel J Walsh2022-03-23
|/ | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>