summaryrefslogtreecommitdiff
path: root/Makefile
Commit message (Collapse)AuthorAge
* podman/libpod: add default AppArmor profileValentin Rothberg2018-07-11
| | | | | | | | | | | | | | | | | Make users of libpod more secure by adding the libpod/apparmor package to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor come from github.com/moby/moby. Also check if a specified AppArmor profile is actually loaded and throw an error if necessary. The default profile is loaded only on Linux builds with the `apparmor` buildtag enabled. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1063 Approved by: rhatdan
* Bump gitvalidation epochMatthew Heon2018-07-06
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Makefile: Use a pattern rule for cross-compilationW. Trevor King2018-07-06
| | | | | | | | | | | | | | | | | | | | | | | Pattern-rule documentation is in [1]. This commit follows the basic approach from [2], with the portable build tags from [3]. Using --keep-going allows folks to see errors for multiple target platforms. For example, if the Darwin target dies, we'll still attempt to build the Linux target before erroring out. I've added an ALLOWED_TO_FAIL environment variable to mark script blocks for the the allow_failures block. Currently we're requiring builds from Linux for Linux and OS X to succeed, but allowing builds from OS X to both targets to fail. [1]: https://www.gnu.org/software/make/manual/html_node/Pattern-Intro.html#Pattern-Intro [2]: https://github.com/kubernetes-incubator/cri-o/commit/e5031fcf9af7d6c78d21e38ab9f82d2392ba05e8 [3]: https://github.com/kubernetes-incubator/cri-o/pull/1653 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1034 Approved by: baude
* more changes to compile darwinbaude2018-07-05
| | | | | | | | | | | | | | | | this should represent the last major changes to get darwin to **compile**. again, the purpose here is to get darwin to compile so that we can eventually implement a ci task that would protect against regressions for darwin compilation. i have left the manual darwin compilation largely static still and in fact now only interject (manually) two build tags to assist with the build. trevor king has great ideas on how to make this better and i will defer final implementation of those to him. Signed-off-by: baude <bbaude@redhat.com> Closes: #1047 Approved by: rhatdan
* Makefile: Use 'git diff' to show gofmt changesW. Trevor King2018-07-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This makes fixing errors easier. Before this commit, errors looked like [1]: $ make gofmt libpod/container_linux.go:1::warning: file is not gofmted with -s (gofmt) make: *** [gofmt] Error 1 But that's not very helpful when your local gofmt thinks the file is fine. With this commit, errors will look like: $ make gofmt find . -name '*.go' ! -path './vendor/*' -exec gofmt -s -w {} \+ git diff --exit-code diff --git a/libpod/container_internal.go b/libpod/container_internal.go index df4de3fe..22b39870 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -1,7 +1,7 @@ package libpod import ( -"bytes" + "bytes" "context" "encoding/json" "fmt" make: *** [Makefile:87: gofmt] Error 1 (or whatever, I just stuffed in a formatting error for demonstration purposes). Also remove the helper script in favor of direct Makefile calls, because with Git handling difference reporting and exit status, this becomes a simpler check. find's -exec, !, and -path arguments are specified in POSIX [2]. [1]: https://travis-ci.org/kubernetes-incubator/cri-o/jobs/331949394#L1075 [2]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/find.html Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1038 Approved by: rhatdan
* changes to allow for darwin compilationbaude2018-06-29
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1015 Approved by: baude
* Bump gitvalidation epochMatthew Heon2018-06-29
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add podman-image and podman-container man page linksDaniel J Walsh2018-06-25
| | | | | | | | | | | | | | podman image and podman container have alternate CLI to standard CLI for a lot of commands. The man pages can be shared between both. This patch adds links so that of some executes `podman image load`, they will actually see the `podman load` man page. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #993 Approved by: mheon
* make varlink optional for podmanbaude2018-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | some platforms and operating systems do not have varlink. in those cases, we need to be able to turn off enablement of varlink in podman. this can now be done with BUILDTAGS passed to the build though perhaps in the future will be better. the default is to build with varlink Signed-off-by: baude <bbaude@redhat.com> squash! make varlink optional for podman The API.md and cmd/podman/varlink/ioprojectatomicpodman.go targets will continue to work regardless of the presence (or not) of 'varlink' is in BUILDTAGS. However, cmd/podman/varlink/ioprojectatomicpodman.go is now only required by the podman target when BUILDTAGS contains 'varlink'. API.md had also been an podman dependency since 5b2627dd (Makefile: Drop find-godeps.sh for podman target, 2018-05-15, #776) when I expanded varlink_api_generate. It had been an indirect podman dependency (via varlink_api_generate) since 25263558 (Generate varlink API documentation automatically, 2018-05-07, #734). But the podman executable obviously doesn't depend on the Markdown file, so I'm removing that dependency here. Signed-off-by: baude <bbaude@redhat.com> squash! make varlink optional for podman The command-pointer approach will scale well if/when we add additional optional commands behind their own build tags, because those tags won't all be competing for the same getOptionalCommands namespace. Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #987 Approved by: rhatdan
* Bump gitvalidation epochMatthew Heon2018-06-22
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Update gitvalidation epochMatthew Heon2018-06-18
| | | | | | | | | | A commit snuck through without a DCO, update to a commit after the broken one. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #957 Approved by: mheon
* Bump gitvalidation epochMatthew Heon2018-06-15
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Bump gitvalidation epochDaniel J Walsh2018-06-08
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Update epoch to fix validation problemsDaniel J Walsh2018-06-07
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #922 Approved by: TomSweeneyRedHat
* Bump gitvalidation epochMatthew Heon2018-06-01
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Makefile: Add stderr redirect to HAS_PYTHON3 definitionW. Trevor King2018-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For two reasons: * When a system is missing python3, we don't need to spam them with "Command not found" in their stderr. * Without the redirect, GNU Make (at least version 4.2.1) is overly clever and tries to invoke the command itself, not realizing that it's a shell builtin [1]. $ make --version GNU Make 4.2.1 Built for aarch64-unknown-linux-gnu Copyright (C) 1988-2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. $ cat Makefile PYTHON3_A := $(shell command -v python3) PYTHON3_B := $(shell command -v python3 2>/dev/null) test: @echo "SHELL: '$(SHELL)'" @echo "PYTHON3_A: '$(PYTHON3_A)'" @echo "PYTHON3_B: '$(PYTHON3_B)'" $ make make: command: Command not found SHELL: '/bin/sh' PYTHON3_A: '' PYTHON3_B: '/usr/bin/python3' By adding the redirect we actually hit the shell and can successfully invoke command. [1]: https://stackoverflow.com/a/17550243 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #856 Approved by: rhatdan
* Cleanup man pagesDaniel J Walsh2018-05-30
| | | | | | | | | | Format md files to work properly when converted to man pages. Add sed command to cleanup table in podman man page. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #842 Approved by: mheon
* Remove varlink's generated Go filebaude2018-05-29
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #840 Approved by: baude
* Bump gitvalidation epochMatthew Heon2018-05-25
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* use $GO env-var instead of hard-coded go binaryLokesh Mandvekar2018-05-21
| | | | | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org> Closes: #817 Approved by: TomSweeneyRedHat
* tidy up the copr specbaude2018-05-21
| | | | | | | | | | | | on os's (like centos) where python3 might not be installed, do not attempt to build the python3 varlink client. varlink python is only supported on python3. also, change the conditions for f28 to match the fedora official specs. Signed-off-by: baude <bbaude@redhat.com> Closes: #813 Approved by: baude
* Tighten the security on the podman varlink socketDaniel J Walsh2018-05-19
| | | | | | | | | | | We only want root to be allowed to access this socket. Also move socket to /run/podman directory. This requires us to drop a podman.conf tmpfiles.d file. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #806 Approved by: mheon
* Update gitvalidation epochMatthew Heon2018-05-18
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* hooks/docs: Add oci-hooks.5 and per-package man page buildingW. Trevor King2018-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows us to reference the hooks docs from podman(1) in a way that will survive system installation. The downside is that the GitHub rendered pages become less usable, now that we can no longer embed links as freely as we could before. I've followed the "Sections within a manual page" suggestions from [1]. locale(7) is [2], which is Linux-specific. Even section numbering is platform-dependent [3], so it's unlikely that these external man references are particularly portable. Platform packagers can adjust our local references to match their target system, but that leaves the GitHub rendering in an awkward place. For now, I think a Linux-centric GitHub rendering without clickable links may be the best we can do without moving away from go-md2man. As far as I can tell, there's not a nice way to get go-md2man to wrap the links in SEE ALSO without sometimes hyphenating a URL (which makes it harder for man-page readers to copy/paste those links into their browser). I've also fixed some "extention" -> "extension" typos. [1]: http://man7.org/linux/man-pages/man7/man-pages.7.html [2]: http://man7.org/linux/man-pages/man7/locale.7.html [3]: https://en.wikipedia.org/wiki/Man_page#Manual_sections Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #772 Approved by: mheon
* Makefile: Use ?= for shell variables (ISODATE, etc.)W. Trevor King2018-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously, Make would execute these shell commands even if we didn't need the resulting variable. With ?='s recursive expansion [1], we only expand the variable when it's consumed. For example, the ISODATE variable is only needed in the recipe for the changelog target, so most Make invocations won't need the value, and the computation is just making whatever Make actually is doing slower. I've shifted the GIT_COMMIT and BUILD_INFO values over to LDFLAGS_PODMAN, because the test/*/* targets don't care about those. I've also moved the Go-specific -ldflags from the variables into the recipes themselves, because callers probably expect C semantics for LDFLAGS and not Go's wrapper. That means that there's no longer a need for the LDFLAGS/BASE_LDFLAGS separation, so I'm just using LDFLAGS (and LDFLAGS_PODMAN) now. That reduces the declared variables to just LDFLAGS_PODMAN, so I've shifted that declaration up to get it closer to its GIT_COMMIT and BUILD_INFO precursors. [1]: https://www.gnu.org/software/make/manual/html_node/Setting.html Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #777 Approved by: rhatdan
* Makefile: Respect GOBINW. Trevor King2018-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | And use 'go env GOBIN' to detect the user's existing preference. From [1]: > The bin directory holds compiled commands. Each command is named > for its source directory, but only the final element, not the entire > path. That is, the command with source in DIR/src/foo/quux is > installed into DIR/bin/quux, not DIR/bin/foo/quux. The "foo/" > prefix is stripped so that you can add DIR/bin to your PATH to get > at the installed commands. If the GOBIN environment variable is > set, commands are installed to the directory it names instead of > DIR/bin. GOBIN must be an absolute path. > ... > Go searches each directory listed in GOPATH to find source code, but > new packages are always downloaded into the first directory in the > list. So if GOBIN is set, it will be non-empty, and we can use $(GOBIN)/... If GOBIN is unset, 'go env GOBIN' will return an empty string (as it does on Travis [2]). In that case, I'm assuming that the package in question is in the first directory in GOPATH and using the new FIRST_GOPATH (firstword and subst are documented in [3]). That's probably fairly safe, since our previous GOPATH handling assumed it only contained a single path, and nobody was complaining about that. Using ?= allows us to skip the 'dirname' call if we end up not needing GOPKGBASEDIR [4] (e.g. for the 'help' target). The recursive expansion could cause an issue if the result of the shell expansions included a '$', but those seem unlikely in GOPKGBASEDIR, GOMD2MAN, or the manpage paths. I haven't used ?= for GOBIN, because we'll always need the expanded value for the if check. Using GOMD2MAN allows us to collapse old ||-based recipe into a less confusing invocation. And using a static pattern rule [5] for $(MANPAGES) lets us write a single rule to handle both section 1 and section 5. While I was updating the GOPATH handling, I moved .gopathok from the possibly-shared $(GOPATH)/.gopathok to the definitely-specific-to-this-project .gopathok. That may cause some issues if you rebuild after changing your GOPATH without calling 'clean', but I don't expect folks to change their GOPATH frequently. And the old approach would fail if different consumers were also using the same flag path to mean something else (as CRI-O does [6]). As part of cleaning up .gopathok, I've also collapsed clean's rm calls into a single invocation. That will give us the same results with less process setup/teardown penalties. [1]: https://golang.org/cmd/go/#hdr-GOPATH_environment_variable [2]: https://travis-ci.org/projectatomic/libpod/jobs/379345071#L459 [3]: https://www.gnu.org/software/make/manual/html_node/Text-Functions.html [4]: https://www.gnu.org/software/make/manual/html_node/Setting.html [5]: https://www.gnu.org/software/make/manual/html_node/Static-Usage.html [6]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.1/Makefile#L62 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #774 Approved by: mheon
* Makefile: Drop find-godeps.sh for podman targetW. Trevor King2018-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We inherited this from a031b83a (Initial checkin from CRI-O repo, 2017-11-01), but: * The output is actually going into bin/podman, so Make will rebuild this target every time. You'll never be able to save compilation because the target is newer than all the prerequisites. * Make expands prerequisites immediately when loading a Makefile [1], and on my wimpy Chromebook SD Card, this is *slow*: $ time hack/find-godeps.sh ~/.local/lib/go/src/github.com/projectatomic/libpod cmd/podman github.com/projectatomic/libpod ... real 0m56.225s user 0m44.918s sys 0m21.918s * Go is pretty good at this on its own, so having make call 'go build' every time will almost certainly be faster than us trying to mimic this in a shell script. And by punting to Go in the recipe, Make invocations that do not need the podman target (e.g. 'make help') can skip the dependency lookup entirely. [1]: https://www.gnu.org/software/make/manual/html_node/Reading-Makefiles.html#Rule-Definition Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #776 Approved by: rhatdan
* Refactor libpod python varlink bindingsJhon Honce2018-05-16
| | | | | | | | | | | | | | | | | | | - More pythonic - Leverage context managers to help with socket leaks - Add system unittest's - Add image unittest's - Add container unittest's - Add models for system, containers and images, and their collections - Add helper functions for datetime parsing/formatting - GetInfo() implemented - Add support for setuptools - Update documentation - Support for Python 3.4-3.6 Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #748 Approved by: baude
* Update gitvalidation epochMatthew Heon2018-05-11
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Generate varlink API documentation automaticallybaude2018-05-08
| | | | | | | | | | Using varlink's idl parser, we generate API documentation for the podman API relying on the .varlink file as the source. Signed-off-by: baude <bbaude@redhat.com> Closes: #734 Approved by: baude
* Bump gitvalidation epochMatthew Heon2018-05-04
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add directory for systemd socket and service if not presentTomSweeneyRedHat2018-05-03
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #717 Approved by: baude
* correct varlink command in service filebaude2018-04-30
| | | | | | | | | | The struct of the varlink command changed to accept a URI as input. This was never updated in the service file Signed-off-by: baude <bbaude@redhat.com> Closes: #691 Approved by: mheon
* Bump gitvalidation epochMatthew Heon2018-04-27
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Use buildah commit and bud in podmanbaude2018-04-27
| | | | | | | | | | | Vendor in buildah and use as much of commit and bug as possible for podman build and commit. Resolves #586 Signed-off-by: baude <bbaude@redhat.com> Closes: #681 Approved by: mheon
* varlink imagesbaude2018-04-26
| | | | | | | | | | | | | implement varlink image functions for working with libpod with the exception of a couple due to incompletions on the libpod side of things (build). also, created a first pass at a libpodpy package which will stand as a client to working with libpod's varlink methods using python. Signed-off-by: baude <bbaude@redhat.com> Closes: #669 Approved by: baude
* updated epoch for bad dcobaude2018-04-25
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #673 Approved by: mheon
* Only generate the varlink glue code if needed and from the vendor dirHarald Hoyer2018-04-25
| | | | | Closes: #671 Approved by: baude
* Makefile; make podman depend on varlink_generateGiuseppe Scrivano2018-04-24
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #663 Approved by: baude
* Merge pull request #641 from nathwill/man-libpodDaniel J Walsh2018-04-23
|\ | | | | add libpod.conf man page (closes #537)
| * add libpod.conf man pageNathan Williams2018-04-21
| | | | | | | | Signed-off-by: Nathan Williams <nath.e.will@gmail.com>
* | Initial varlink implementationbaude2018-04-23
| | | | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #627 Approved by: mheon
* | Bump gitvalidation epochMatthew Heon2018-04-20
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Add make .git targetbaude2018-04-20
|/ | | | | | | | | Runs gomfmt and gitvalidation Signed-off-by: baude <bbaude@redhat.com> Closes: #589 Approved by: mheon
* Bump gitvalidation epochMatthew Heon2018-04-13
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Bump gitvalidation epochMatthew Heon2018-04-05
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Makefile: Fix typo podmon -> podmanMarcos Paulo de Souza2018-04-02
| | | | | | | | | This typo was introduced in 3aa63b2b Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com> Closes: #578 Approved by: rhatdan
* Bump gitvalidation epochMatthew Heon2018-03-29
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Bump gitvalidation epochMatthew Heon2018-03-23
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Makefile: add changelog targetValentin Rothberg2018-03-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Maintaining a changelog for each new version or release of Podman helps users to quickly skim for new changes. Add a `make changelog` target to facilitate creating a new log. There are two env variables to control the base and target commit for the new log. The output gets prepended to the changelog.txt file, which is a textfile in following format: - Changelog for $(CHANGELOG_TARGET) (ISO-8601 DATE): * Commit subject * Commit subject... Notice that the list of commit subjects excludes merge commits, and can be manually modified after generation if needed. `CHANGELOG_BASE=v0.3.2 CHANGELOG_TARGET=v0.3.3 make changelog` would generate the following shortened output to the changelog.txt file: Changelog for v0.3.3 (2018-03-17): * Bump to v0.3.3 * Fix build after c/image changes * Update containers/image * Fix E2E tests * Address review comments * Fix E2E tests * Add restart to main podman manpage * Add podman restart to podman bash completions and commands Signed-off-by: Valentin Rothberg <vrothberg@suse.com>