| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
Resolves: #13557
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|
|
|
|
|
|
|
|
| |
Github no longer supports the unauthenticated git protocol, so switch
to using https instead.
https://github.blog/2021-09-01-improving-git-protocol-security-github/
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rootless users cannot load the ip_tables module, in fedora 36 this
module is no longer loaded by default so we have to add it manually.
This is needed because rootless network setup tries to use iptables
and if iptables-legacy is used instead of iptables-nft it will fail.
To provide a better user experience we will load the module at boot.
Note that this is not needed for RHEL because iptables-legacy is not
supported on RHEL 8 and newer.
[NO NEW TESTS NEEDED]
Fixes #12661
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
| |
claim helper
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
|
|
|
|
|
| |
enabled e2e tests for netavark
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Building from source would involve separate `make` and `make install`
steps.
This removes a lot of unnecessary `-nobuild` targets which were
otherwise needed for packaging.
This commit also removes spec files for unused copr jobs.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Heuristic to initialize TunnelMode/remote podman:
- Podman built with remote tag
- Podman running on darwin or windows GOOS
- CONTAINER_HOST or CONTAINER_CONNECTION set in environment
- --remote flag given on command line
- From containers.conf, Engine.Remote == true and GOOS == linux
Otherwise, podman will run in ABIMode/linked against libpod library.
Fixes #12866
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|
|
|
| |
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Automated for .go files via gomove [1]:
`gomove github.com/containers/podman/v3 github.com/containers/podman/v4`
Remaining files via vgrep [2]:
`vgrep github.com/containers/podman/v3`
[1] https://github.com/KSubedi/gomove
[2] https://github.com/vrothberg/vgrep
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes #11089 - cleanup PATH on MSI uninstall
Additionally fixes scenarios where the path can be overwritten by setx
Also removes the console flash, since the helper is built as a silent gui
Helper executable can be rerun by user to repair PATHs broken by other tools
Utilizes executable location instead of passed parameters to remove delicate escaping requirements
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Docker-compatible REST API has historically behaved just as the rest
of Podman and Buildah (and the atomic Docker in older RHEL/Fedora) where
`containers-registries.conf` is centrally controlling which registries
a short name may resolve to during pull or local image lookups. Please
refer to a blog for more details [1].
Docker, however, is only resolving short names to docker.io which has
been reported (see #12320) to break certain clients who rely on this
behavior. In order to support this scenario, `containers.conf(5)`
received a new option to control whether Podman's compat API resolves
to docker.io only or behaves as before.
Most endpoints allow for directly normalizing parameters that represent
an image. If set in containers.conf, Podman will then normalize the
references directly to docker.io. The build endpoint is an outlier
since images are also referenced in Dockerfiles. The Buildah API,
however, supports specifying a custom `types.SystemContext` in which
we can set a field that enforces short-name resolution to docker.io
in `c/image/pkg/shortnames`.
Notice that this a "hybrid" approach of doing the normalization directly
in the compat endpoints *and* in `pkg/shortnames` by passing a system
context. Doing such a hybrid approach is neccessary since the compat
and the libpod endpoints share the same `libimage.Runtime` which makes
a global enforcement via the `libimage.Runtime.systemContext`
impossible. Having two separate runtimes for the compat and the libpod
endpoints seems risky and not generally applicable to all endpoints.
[1] https://www.redhat.com/sysadmin/container-image-short-names
Fixes: #12320
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
| |
This reverts commit 9d2b8d2791c23b83b6155b046099a83483860c56 since
catatonit's new pause functionality can replace the `pause` binary
entirely.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
| |
Ensure that rebuilds happen when .c files are updated in the source
tree.
Signed-off-by: Ian Wienand <iwienand@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Add the k8s pause binary to `pause/pause.c` and do the plumbing in the
Makefile to install it in $libexec/podman/pause/pause. It is intended to
replace the k8s pause image and hence the need for network connectivity
when creating pods.
[NO NEW TESTS NEEDED] since it will be tested in a following commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Need to use CGO for mDNS resolution, but cross builds need CGO disabled
See https://github.com/golang/go/issues/12524 for details
Note: Homebrew forumla will need to be updated to pick up this change
Fixes #10737
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't use reexec for the rootlessport process, instead make it a
separate binary to reduce the memory usage. The problem with reexec is
that it will import all packages that podman uses and therefore loads a
lot of stuff into the heap. The rootlessport process however only needs
the rootlesskit library.
The memory usage is a concern since the rootlessport process will spawn
two process per container which has ports forwarded. The processes stay
until the container dies. On my laptop the current reexec version uses
47800 KB RSS. The new separate binary only uses 4540 KB RSS. This is
more than a 90% improvement.
The Makefile has been updated to compile the new binary and install it
to the libexec directory.
Fixes #10790
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't hardcode /usr/bin/podman in unit files: instead, use
template files with a path replaced at install time.
Because 'make' can be invoked repeatedly, with different
PREFIX, do not leave the generated files behind in our
work directory: wipe them immediately after install.
To get this to work, fix a longstanding bug in podman.spec.in,
a PREFIX that should've been DESTDIR.
Side note: #7023 made contrib/systemd/user a symlink
to .../system but did not update paths in Makefile.
The unrelated-looking path change you see here is
a belated correction for that.
Fixes: #10787
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
|
|
|
|
|
|
| |
It was trying to run a bash script with sh
[NO TESTS NEEDED] This changes "make lint"
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
|\
| |
| | |
Add dockerfile.5 as man link to containerfile man page
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
containers-common now ships a containerfile man page,
this patch adds a link to dockerfile.5 so that if user
installs podman-docker package man dockerfile will work.
[NO TESTS NEEDED] since this is just a man page change.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
| |
Hi there! I noticed that the MSI file built for Windows was building in 32-bit mode, even though Podman is 64-bit only. I added a flag to wixl in the Makefile to tell it to build a 64-bit MSI, and I adjusted the podman.wxs file to use the right settings for 64-bit programs.
Signed-off-by: GitHub <noreply@github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Insisting on “DCO” imposes formalities, that serve self-purpose. One cannot
assume that the submitter has time or will to read texts about symbolism in
software contributions. If the system wants to see the text
nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae
in each commit, people will write this, or any other text, that the system wants to
see. All such text, which presence is mandated by the system, has the same value.
Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes #11417
Cross-building the podman-remote documentation requires a functional
native architecture executable. However `make` only deals with
files/timestamps, it doesn't understand if an existing binary will
function on the system or not. This makes building cross-platform
releases incredibly accident-prone and fragile.
A practical way to deal with this, is via multiple conditional (nested)
`make` calls along with careful manipulation of `$GOOS` and `$GOARCH`.
Also, when cross-building releases be kind to humans and cleanup
any non-native binaries left behind.
Update the `Alt Arch. Cross` Cirrus-CI task to build release archives
for all Linux architectures supported by golang and podman. Update
the `OSX Cross` task to additionally build for the M1 (arm64)
architecture.
Finally, update the release process documentation to reflect the
new locations (Cirrus-CI task names) for the release archives. Include
a note about additional manual work being required to produce the
signed `.dmg` file for MacOS.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building releases, the definitive canonical version of podman (or
podman-remote) is needed. Previously this was accomplished by scraping
`version/version.go`. However, due to tooling differences across
platforms, this has proven problematic, unreliable, and hard to
maintain.
Fix this by building and caching a small golang binary who's only purpose
is to print the version number to stdout. This not only provides a quick
and reliable way to determine the current version, it also acts as a check
on the version API vs tooling that relies on it.
Lastly, remove several `RELEASE_*` Makefile definitions which aren't
actually used anywhere. These were originally added a very long time
ago to serve as part of a long since retired release process. The
remaining items, were updated to make use of the new `.podmanversion`
binary on an as-required basis (i.e. not every time `make` is run).
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Previously (for various reasons) the unittests were limited by the
Makefile to root-only. However, experimentation via PR #11490
shows they will actually execute and pass when run as a regular user.
Enable this for only the latest Fedora VMs, so as to only add one new
task to the (already large) set.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The changelog.txt file hasn't been kept in sync with release tags,
especially on main, so remove it.
The release notes will be featured in RELEASE_NOTES.md.
Signed-off-by: jesperpedersen <jesper.pedersen@redhat.com>
[NO TESTS NEEDED]
|
|
|
|
|
|
|
|
|
| |
This will enable remote access to /etc/subuid and /etc/subgid
information from ldap services, if shadow-utils ships with a libsubid.
[NO TESTS NEEDED] Since we have no way to test this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Enable docker-py compat. testing w/ ignored result
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Significant bitrot results in almost immediate test failure. This
commit adds only the very basic, bare-minimum needed to get them
started.
***TESTING RESULTS ARE IGNORED***
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |
| |
| |
| |
| |
| | |
[NO TESTS NEEDED] Just fixing spelling.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
| |
Signed-off-by: kpcyrd <git@rxv.cc>
|
|
|
|
|
|
|
|
|
|
| |
In the new check for preventing 'Expect(ExitCode...)',
include source line numbers.
Response to #11034, which I totally didn't even understand
because it was referencing a different test. Sorry, Brent.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New functionality -- mostly in the diffs we apply to
buildah's helpers.bash -- to enable running buildah-bud
tests under podman-remote. The gist of it is, we start
a 'podman system service' before each test, and clean
it up on test exit.
Design decision: the diff file for helpers.bash is no
longer trailing-whitespace-clean: that ended up producing
diffs that git wouldn't apply, because in some cases
the whitespace is actually important. In order to pass CI,
we need to exclude this file from some checks.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Followup to #10932: add a validation check to prevent introduction
of new 'Expect(foo.ExitCode()).To(...)' patterns. If such use is
absolutely necessary -- there is one such instance in the code
already -- require that the assertion include a description.
Also: clean up instances that were introduced since the merging
of #10932.
Also: fix one remaining instance in run_exit_test.go: it had
a FIXME comment mentioning a race condition, but unfortunately
there was no issue or bug ID, hence no way to know if the race
is fixed or not. We will assume it is.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\
| |
| | |
Makefile: remove install.cni
|
| |
| |
| |
| |
| |
| |
| | |
We no longer need to install /etc/cni/net.d/87-podman-bridge.conflist
so install.cni isn't needed either.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|/
|
|
|
|
| |
`ETCDIR` isn't prefixed and led to dangling files in `DESTDIR/etc`
Signed-off-by: Tobias Wendorff <1864057+tobwen@users.noreply.github.com>
|
|\
| |
| | |
Fix building static podman-remote
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As near as I can tell, sometime between `v1.6.4` and `v1.9` the definition
of `LDFLAGS_PODMAN_STATIC` was both created and lost. Additionally, after
a refactoring of the `Makefile` it was possible to enable CGO (which
will cause a dynamic binary to be built). Fix both issues by adding the
missing definition and forcing CGO to be disabled.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| |/
|/| |
Add podman-restart systemd unit file
|
| |
| |
| |
| |
| |
| |
| | |
* Add podman-restart systemd unit file and add it to podman RPM package
* Fix podman start to filter all containers + unit test
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
|\ \
| | |
| | | |
[CI:DOCS] UPDATE manpages with MANPAGE_SYNTAX
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The following manpages have been adapted to the MANPAGE_SYNTAX:
- podman-completion
- podman-container-checkpoint
- podman-container-cleanup
- podman-container-exists
The following manpages have had little changes:
- podman-attach
- podman-commit
- MANPAGE_SYNTAX
- Makefile
Signed-off-by: Alexander Richter <67486332+Procyhon@users.noreply.github.com>
|
|/
|
|
|
|
|
|
| |
- Bugfix `make nixpkgs` which pin with branch `nixos-21.05`
- Code lint with `nixpkgs-fmt`
- Code sync between x86\_64 and aarch64
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
|
|
|
|
|
|
|
| |
Updated version for the MANPAGE_SYNTAX and adaption of the syntax for
the manpages of podman-commit, podman-attach, and podman-auto-update.
Signed-off-by: Alexander Richter <67486332+Procyhon@users.noreply.github.com>
|
|
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/9893
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Tests broken up into areas of concern
* Introduced fixtures to reduce duplicated code
* Introduced new assert methods with APITestCase
* General cleanup of code while visiting
* Tests now targeting quay.io
Known issues:
* is-official against quay.io not working
Fixes: #9238
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|