summaryrefslogtreecommitdiff
path: root/Makefile
Commit message (Collapse)AuthorAge
* enable staticcheck linterPaul Holzinger2022-04-22
| | | | | | | Fix many problems reported by the staticcheck linter, including many real bugs! Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* benchmarking Podman: proof of conceptValentin Rothberg2022-04-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a proof of concept for benchmarking Podman. The benchmarks are implemented by means of the end-to-end test suite but hidden behind a `benchmarks` build tag. Running `make localbenchmarks` will run `test/e2e` with the specific build tag and set ginkgo's "focus" to the specific "Podman Benchmark Suite" to only run this spec and skip all others. ginkgo will print a report before terminating listing the CPU and memory stats for each benchmark. New benchmarks can easily be added via the `newBenchmark` function that also supports adding an `init()` function to each benchmark which allows for performing certain setups for the specific benchmark. For instance, benchmarking `podman start` requires creating a container beforehand. Podman may be called more than once in the main function of a benchmark but note that the displayed memory consumption is then a sum of all Podman invocations. The memory consumption is collected via `/usr/bin/time`. A benchmark's report is split into CPU and memory as displayed below: ``` [CPU] podman images: Fastest Time: 0.146s Slowest Time: 0.187s Average Time: 0.180s ± 0.015s [MEM] podman images: Smallest: 41892.0KB Largest: 42792.0KB Average: 42380.7KB ± 286.4KB ``` Note that the benchmarks are not wired into the CI yet. They are meant as a proof of concept. More benchmarks and the plumbing into CI will happen in a later change. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #13602 from edsantiago/size_check_part2OpenShift Merge Robot2022-03-24
|\ | | | | Binary growth check, part 2 of 2
| * Binary growth check, part 2 of 2Ed Santiago2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a CI check to prevent unwanted bloat in binary images, by building a baseline (pre-PR) binary then comparing file sizes post-PR. Part 1 (#13518) added a new script that runs multiple 'make's, comparing image sizes against an original, and failing loudly if growth is too big. An override mechanism is defined. This is part 2 of 2: adding the CI rule. We couldn't do that in part 1, because the rule would call a script that didn't exist in the pre-PR commit. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Remove nix packages, since no one is supporting thisDaniel J Walsh2022-03-23
|/ | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Makefile: build podman-remote-static with cgo disabledLokesh Mandvekar2022-03-21
| | | | | | | | Resolves: #13557 [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* bump golangci-lint to v1.45.0Valentin Rothberg2022-03-21
| | | | | | | | | | * supports Go 1.18 * disable a number of new linters * fix minor stylecheck issues [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Fix windows win-sshproxy buildPaul Holzinger2022-03-15
| | | | | | | | | Github no longer supports the unauthenticated git protocol, so switch to using https instead. https://github.blog/2021-09-01-improving-git-protocol-security-github/ Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Bump golang to 1.17 in `vendor-in-container`Pascal Bourdier2022-03-11
| | | | | | Go 1.17 compiler got faster Signed-off-by: Pascal Bourdier <pascal.bourdier@gmail.com>
* Move all python tests to pytestJhon Honce2022-03-04
| | | | | | | * Add configuration to add report header for python client used in tests * Move report headers into the individual test runners vs runner.sh Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #13380 from jwhonce/wip/docker-pyOpenShift Merge Robot2022-03-01
|\ | | | | Refactor docker-py compatibility tests
| * Refactor docker-py compatibility testsJhon Honce2022-03-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add which python client is being used to run tests, see "python client" below. * Remove redundate code from test classes * Update/Add comments to modules and classes ======================================================= test session starts ======================================================== platform linux -- Python 3.10.0, pytest-6.2.4, py-1.10.0, pluggy-0.13.1 python client -- DockerClient rootdir: /home/jhonce/Projects/go/src/github.com/containers/podman plugins: requests-mock-1.8.0 collected 33 items test/python/docker/compat/test_containers.py ...s.............. [ 54%] test/python/docker/compat/test_images.py ............ [ 90%] test/python/docker/compat/test_system.py ... [100%] Note: Follow-up PRs will verify the test results and expand the tests. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Allow setting binarypath from MakefileAshley Cui2022-02-28
|/ | | | | | | | | | Packagers for other distributions and package managers may put their helper binaries in other location prefixes. Add HELPER_BINARIES_DIR to the makefile so packagers can set the prefix when building Podman. HELPER_BINARIES_DIR will be set at link-time. Example usage: make podman-remote HELPER_BINARIES_DIR=/my/location/prefix Signed-off-by: Ashley Cui <acui@redhat.com>
* Load ip_tables modules at bootPaul Holzinger2022-02-23
| | | | | | | | | | | | | | | | | | Rootless users cannot load the ip_tables module, in fedora 36 this module is no longer loaded by default so we have to add it manually. This is needed because rootless network setup tries to use iptables and if iptables-legacy is used instead of iptables-nft it will fail. To provide a better user experience we will load the module at boot. Note that this is not needed for RHEL because iptables-legacy is not supported on RHEL 8 and newer. [NO NEW TESTS NEEDED] Fixes #12661 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Initial implementation of mac forwarding using a privileged docker sock ↵Jason T. Greene2022-02-16
| | | | | | claim helper Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* netavark e2e testsBrent Baude2022-02-02
| | | | | | enabled e2e tests for netavark Signed-off-by: Brent Baude <bbaude@redhat.com>
* Makefile: install targets independent of buildLokesh Mandvekar2022-01-25
| | | | | | | | | | | | | | Building from source would involve separate `make` and `make install` steps. This removes a lot of unnecessary `-nobuild` targets which were otherwise needed for packaging. This commit also removes spec files for unused copr jobs. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Run codespell on codeDaniel J Walsh2022-01-21
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Engine.Remote from containers.confJhon Honce2022-01-20
| | | | | | | | | | | | | | | Heuristic to initialize TunnelMode/remote podman: - Podman built with remote tag - Podman running on darwin or windows GOOS - CONTAINER_HOST or CONTAINER_CONNECTION set in environment - --remote flag given on command line - From containers.conf, Engine.Remote == true and GOOS == linux Otherwise, podman will run in ABIMode/linked against libpod library. Fixes #12866 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Implement API forwarding for podman machine on WindowsJason T. Greene2022-01-19
| | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* bump go module to version 4Valentin Rothberg2022-01-18
| | | | | | | | | | | | | Automated for .go files via gomove [1]: `gomove github.com/containers/podman/v3 github.com/containers/podman/v4` Remaining files via vgrep [2]: `vgrep github.com/containers/podman/v3` [1] https://github.com/KSubedi/gomove [2] https://github.com/vrothberg/vgrep Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Switch to a new installer approach using a path manipulation helperJason T. Greene2021-12-23
| | | | | | | | | | | | Fixes #11089 - cleanup PATH on MSI uninstall Additionally fixes scenarios where the path can be overwritten by setx Also removes the console flash, since the helper is built as a silent gui Helper executable can be rerun by user to repair PATHs broken by other tools Utilizes executable location instead of passed parameters to remove delicate escaping requirements [NO NEW TESTS NEEDED] Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* compat API: allow enforcing short-names resolution to Docker HubValentin Rothberg2021-11-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Docker-compatible REST API has historically behaved just as the rest of Podman and Buildah (and the atomic Docker in older RHEL/Fedora) where `containers-registries.conf` is centrally controlling which registries a short name may resolve to during pull or local image lookups. Please refer to a blog for more details [1]. Docker, however, is only resolving short names to docker.io which has been reported (see #12320) to break certain clients who rely on this behavior. In order to support this scenario, `containers.conf(5)` received a new option to control whether Podman's compat API resolves to docker.io only or behaves as before. Most endpoints allow for directly normalizing parameters that represent an image. If set in containers.conf, Podman will then normalize the references directly to docker.io. The build endpoint is an outlier since images are also referenced in Dockerfiles. The Buildah API, however, supports specifying a custom `types.SystemContext` in which we can set a field that enforces short-name resolution to docker.io in `c/image/pkg/shortnames`. Notice that this a "hybrid" approach of doing the normalization directly in the compat endpoints *and* in `pkg/shortnames` by passing a system context. Doing such a hybrid approach is neccessary since the compat and the libpod endpoints share the same `libimage.Runtime` which makes a global enforcement via the `libimage.Runtime.systemContext` impossible. Having two separate runtimes for the compat and the libpod endpoints seems risky and not generally applicable to all endpoints. [1] https://www.redhat.com/sysadmin/container-image-short-names Fixes: #12320 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Minor Makefile fixChris Evich2021-11-18
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Revert "add kubernetes pause"Valentin Rothberg2021-11-15
| | | | | | | | This reverts commit 9d2b8d2791c23b83b6155b046099a83483860c56 since catatonit's new pause functionality can replace the `pause` binary entirely. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Match .c files in MakefileIan Wienand2021-11-09
| | | | | | | Ensure that rebuilds happen when .c files are updated in the source tree. Signed-off-by: Ian Wienand <iwienand@redhat.com>
* add kubernetes pauseValentin Rothberg2021-10-26
| | | | | | | | | | | Add the k8s pause binary to `pause/pause.c` and do the plumbing in the Makefile to install it in $libexec/podman/pause/pause. It is intended to replace the k8s pause image and hence the need for network connectivity when creating pods. [NO NEW TESTS NEEDED] since it will be tested in a following commit. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Use CGO_ENABLED=1 when building natively on darwinJhon Honce2021-10-14
| | | | | | | | | | | Need to use CGO for mDNS resolution, but cross builds need CGO disabled See https://github.com/golang/go/issues/12524 for details Note: Homebrew forumla will need to be updated to pick up this change Fixes #10737 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* rootlessport: reduce memory usage of the processPaul Holzinger2021-10-12
| | | | | | | | | | | | | | | | | | | | | | Don't use reexec for the rootlessport process, instead make it a separate binary to reduce the memory usage. The problem with reexec is that it will import all packages that podman uses and therefore loads a lot of stuff into the heap. The rootlessport process however only needs the rootlesskit library. The memory usage is a concern since the rootlessport process will spawn two process per container which has ports forwarded. The processes stay until the container dies. On my laptop the current reexec version uses 47800 KB RSS. The new separate binary only uses 4540 KB RSS. This is more than a 90% improvement. The Makefile has been updated to compile the new binary and install it to the libexec directory. Fixes #10790 [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Unit files: Use actual installed path for podmanEd Santiago2021-10-12
| | | | | | | | | | | | | | | | | | | | | Don't hardcode /usr/bin/podman in unit files: instead, use template files with a path replaced at install time. Because 'make' can be invoked repeatedly, with different PREFIX, do not leave the generated files behind in our work directory: wipe them immediately after install. To get this to work, fix a longstanding bug in podman.spec.in, a PREFIX that should've been DESTDIR. Side note: #7023 made contrib/systemd/user a symlink to .../system but did not update paths in Makefile. The unrelated-looking path change you see here is a belated correction for that. Fixes: #10787 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Fix contributor make targets on Ubuntu and DebianAnders F Björklund2021-09-28
| | | | | | | | It was trying to run a bash script with sh [NO TESTS NEEDED] This changes "make lint" Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* Merge pull request #11760 from rhatdan/dockerfileOpenShift Merge Robot2021-09-28
|\ | | | | Add dockerfile.5 as man link to containerfile man page
| * Add dockerfile.5 as man link to containerfile man pageDaniel J Walsh2021-09-27
| | | | | | | | | | | | | | | | | | | | containers-common now ships a containerfile man page, this patch adds a link to dockerfile.5 so that if user installs podman-docker package man dockerfile will work. [NO TESTS NEEDED] since this is just a man page change. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Set MSI to be 64-bit only.Easton Pillay2021-09-27
|/ | | | | | Hi there! I noticed that the MSI file built for Windows was building in 32-bit mode, even though Podman is 64-bit only. I added a flag to wixl in the Makefile to tell it to build a 64-bit MSI, and I adjusted the podman.wxs file to use the right settings for 64-bit programs. Signed-off-by: GitHub <noreply@github.com>
* Makefile: use -ldflags/-gccgoflags depending on the go implemenatitonДилян Палаузов2021-09-23
| | | | | | | | | | | | | Insisting on “DCO” imposes formalities, that serve self-purpose. One cannot assume that the submitter has time or will to read texts about symbolism in software contributions. If the system wants to see the text nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae in each commit, people will write this, or any other text, that the system wants to see. All such text, which presence is mandated by the system, has the same value. Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
* Cross-build release-archives w/ arch in filenameChris Evich2021-09-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #11417 Cross-building the podman-remote documentation requires a functional native architecture executable. However `make` only deals with files/timestamps, it doesn't understand if an existing binary will function on the system or not. This makes building cross-platform releases incredibly accident-prone and fragile. A practical way to deal with this, is via multiple conditional (nested) `make` calls along with careful manipulation of `$GOOS` and `$GOARCH`. Also, when cross-building releases be kind to humans and cleanup any non-native binaries left behind. Update the `Alt Arch. Cross` Cirrus-CI task to build release archives for all Linux architectures supported by golang and podman. Update the `OSX Cross` task to additionally build for the M1 (arm64) architecture. Finally, update the release process documentation to reflect the new locations (Cirrus-CI task names) for the release archives. Include a note about additional manual work being required to produce the signed `.dmg` file for MacOS. Signed-off-by: Chris Evich <cevich@redhat.com>
* Fix Error, empty output for info: 'VERSION'Chris Evich2021-09-21
| | | | | | | | | | | | | | | | | | | | | When building releases, the definitive canonical version of podman (or podman-remote) is needed. Previously this was accomplished by scraping `version/version.go`. However, due to tooling differences across platforms, this has proven problematic, unreliable, and hard to maintain. Fix this by building and caching a small golang binary who's only purpose is to print the version number to stdout. This not only provides a quick and reliable way to determine the current version, it also acts as a check on the version API vs tooling that relies on it. Lastly, remove several `RELEASE_*` Makefile definitions which aren't actually used anywhere. These were originally added a very long time ago to serve as part of a long since retired release process. The remaining items, were updated to make use of the new `.podmanversion` binary on an as-required basis (i.e. not every time `make` is run). Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Run unit-tests rootlessChris Evich2021-09-09
| | | | | | | | | | Previously (for various reasons) the unittests were limited by the Makefile to root-only. However, experimentation via PR #11490 shows they will actually execute and pass when run as a regular user. Enable this for only the latest Fedora VMs, so as to only add one new task to the (already large) set. Signed-off-by: Chris Evich <cevich@redhat.com>
* Remove changelog.txt from the repositoryjesperpedersen2021-09-07
| | | | | | | | | | | The changelog.txt file hasn't been kept in sync with release tags, especially on main, so remove it. The release notes will be featured in RELEASE_NOTES.md. Signed-off-by: jesperpedersen <jesper.pedersen@redhat.com> [NO TESTS NEEDED]
* Add support for libsubidDaniel J Walsh2021-08-27
| | | | | | | | | This will enable remote access to /etc/subuid and /etc/subgid information from ldap services, if shadow-utils ships with a libsubid. [NO TESTS NEEDED] Since we have no way to test this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11169 from cevich/enable_docker_py_testingopenshift-ci[bot]2021-08-16
|\ | | | | Enable docker-py compat. testing w/ ignored result
| * Enable docker-py compat. testing w/ ignored resultChris Evich2021-08-09
| | | | | | | | | | | | | | | | | | | | Significant bitrot results in almost immediate test failure. This commit adds only the very basic, bare-minimum needed to get them started. ***TESTING RESULTS ARE IGNORED*** Signed-off-by: Chris Evich <cevich@redhat.com>
* | Run codespell to fix spellingDaniel J Walsh2021-08-11
| | | | | | | | | | | | [NO TESTS NEEDED] Just fixing spelling. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Reproducible Builds: trim embedded cgo pathskpcyrd2021-08-09
|/ | | | Signed-off-by: kpcyrd <git@rxv.cc>
* [CI:DOCS] tests-expect-exit: include source line numbersEd Santiago2021-08-04
| | | | | | | | | | In the new check for preventing 'Expect(ExitCode...)', include source line numbers. Response to #11034, which I totally didn't even understand because it was referencing a different test. Sorry, Brent. Signed-off-by: Ed Santiago <santiago@redhat.com>
* buildah bud tests under podman-remoteEd Santiago2021-07-28
| | | | | | | | | | | | | | | | New functionality -- mostly in the diffs we apply to buildah's helpers.bash -- to enable running buildah-bud tests under podman-remote. The gist of it is, we start a 'podman system service' before each test, and clean it up on test exit. Design decision: the diff file for helpers.bash is no longer trailing-whitespace-clean: that ended up producing diffs that git wouldn't apply, because in some cases the whitespace is actually important. In order to pass CI, we need to exclude this file from some checks. Signed-off-by: Ed Santiago <santiago@redhat.com>
* e2e tests: prevent 'Expect(ExitCode())' patternEd Santiago2021-07-20
| | | | | | | | | | | | | | | | | Followup to #10932: add a validation check to prevent introduction of new 'Expect(foo.ExitCode()).To(...)' patterns. If such use is absolutely necessary -- there is one such instance in the code already -- require that the assertion include a description. Also: clean up instances that were introduced since the merging of #10932. Also: fix one remaining instance in run_exit_test.go: it had a FIXME comment mentioning a race condition, but unfortunately there was no issue or bug ID, hence no way to know if the race is fixed or not. We will assume it is. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: Fixes due to master->main renameChris Evich2021-06-30
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #10803 from lsm5/remove-cni-conflistOpenShift Merge Robot2021-06-29
|\ | | | | Makefile: remove install.cni
| * Makefile: remove install.cniLokesh Mandvekar2021-06-28
| | | | | | | | | | | | | | We no longer need to install /etc/cni/net.d/87-podman-bridge.conflist so install.cni isn't needed either. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>