summaryrefslogtreecommitdiff
path: root/cmd
Commit message (Collapse)AuthorAge
* [WIP]Support podman image signQi Wang2019-01-08
| | | | | | Generate a signature claim for an image using user keyring (--sign-by). The signature file will be stored in simple json format under the default or the given directory (--directory or yaml file in /etc/containers/registries.d/). Signed-off-by: Qi Wang <qiwan@redhat.com>
* Honor image environment variables with execAnders F Björklund2019-01-07
| | | | | | | | Was reading the "env" argument twice instead of image. Closes #2063 Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* Merge pull request #2098 from baude/remoteOpenShift Merge Robot2019-01-07
|\ | | | | Add ability to build golang remote client
| * Add ability to build golang remote clientbaude2019-01-07
| | | | | | | | | | | | | | | | | | | | | | Add the ability to build a remote client in golang that uses all the same front-end cli code and output code. The initial limitations here are that it can only be a local client while the bridge and resolver code is being written for the golang varlink client. Tests and docs will be added in subsequent PRs. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2075 from baude/runlabelnameOpenShift Merge Robot2019-01-07
|\ \ | | | | | | container runlabel NAME implementation
| * | container runlabel NAME implementationbaude2019-01-04
| |/ | | | | | | | | | | | | | | | | | | | | when using container runlabel, if a --name is not provided, we must deduce the container name from the base name of the image to maintain parity with the atomic cli. fixed small bug where we split the cmd on " " rather than using fields could lead to extra spaces in command output. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2093 from vrothberg/issue-2092OpenShift Merge Robot2019-01-07
|\ \ | | | | | | podman-login: adhere to user input
| * | podman-login: adhere to user inputValentin Rothberg2019-01-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Do not try to login with existing credentials when the user specifies a username or password on the CLI. * Improve error messages. * Use specified tls-verify switch and cert-dir for all requests. Fixes: #2092 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #2088 from giuseppe/umask-to-0OpenShift Merge Robot2019-01-07
|\ \ \ | |/ / |/| | podman: set umask to 022
| * | podman: set umask to 022Giuseppe Scrivano2019-01-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | be sure there are no bits in the umask that prevent us for creating directories with mode 0755. Set the umask very early in the program startup. Closes: https://github.com/containers/libpod/issues/2074 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2082 from rhatdan/runcOpenShift Merge Robot2019-01-06
|\ \ \ | |/ / |/| | Update vendor of runc
| * | Update vendor of runcDaniel J Walsh2019-01-04
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Updating the vendor or runc to pull in some fixes that we need. In order to get this vendor to work, we needed to update the vendor of docker/docker, which causes all sorts of issues, just to fix the docker/pkg/sysinfo. Rather then doing this, I pulled in pkg/sysinfo into libpod and fixed the code locally. I then switched the use of docker/pkg/sysinfo to libpod/pkg/sysinfo. I also switched out the docker/pkg/mount to containers/storage/pkg/mount Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / add container-init supportValentin Rothberg2019-01-04
|/ | | | | | | | | | | | | | | | | | | Add support for executing an init binary as PID 1 in a container to forward signals and reap processes. When the `--init` flag is set for podman-create or podman-run, the init binary is bind-mounted to `/dev/init` in the container and "/dev/init --" is prepended to the container's command. The default base path of the container-init binary is `/usr/libexec/podman` while the default binary is catatonit [1]. This default can be changed permanently via the `init_path` field in the `libpod.conf` configuration file (which is recommended for packaging) or temporarily via the `--init-path` flag of podman-create and podman-run. [1] https://github.com/openSUSE/catatonit Fixes: #1670 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman build is not using the default oci-runtimeDaniel J Walsh2018-12-28
| | | | | | | | | | Currently if the user installs runc in an alternative path podman run uses it but podman build does not. This patch will pass the default oci runtime to be used by podman down to the image builder. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Allow alias for list, ls, ps to workDaniel J Walsh2018-12-23
| | | | | | | | Allow multiple alias for listing containers and images. Also fix documentation for umount and unmount Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Switch all referencs to image.ContainerConfig to image.ConfigDaniel J Walsh2018-12-21
| | | | | | This will more closely match what Docker is doing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Change all 'can not' to 'cannot' for proper usageDaniel J Walsh2018-12-21
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* export: fix usage with rootless containersGiuseppe Scrivano2018-12-21
| | | | | | | | | | | | | | Fix usage of export when rootless containers are used without vfs. We join the conmon process namespaces as the container is running in a different one. There can be a problem if the user specify a different path for the conmon process, and then the file is deleted. In this case podman won't be able to find the conmon process to join. Closes: https://github.com/containers/libpod/issues/2027 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* skip test for blkio.weight when kernel does not support itbaude2018-12-20
| | | | Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1967 from baude/kubereplayOpenShift Merge Robot2018-12-20
|\ | | | | Add Play
| * Add Playbaude2018-12-19
| | | | | | | | | | | | | | podman play kube adds the ability for the user to recreate pods and containers from a Kubernetes YAML file in libpod. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1899 from QiWang19/trustimgOpenShift Merge Robot2018-12-19
|\ \ | |/ |/| Support podman image trust command
| * Support podman image trust commandQi Wang2018-12-19
| | | | | | | | | | | | Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #2021 from rhatdan/restartOpenShift Merge Robot2018-12-18
|\ \ | | | | | | Add information on --restart
| * | Add information on --restartDaniel J Walsh2018-12-18
| |/ | | | | | | | | | | | | We need to recommend that users use Systemd unit files if they want the container to restart automatically. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #1935 from deuscapturus/masterOpenShift Merge Robot2018-12-18
|\ \ | | | | | | add getlogin command
| * | add --get-login command to podman-login.Theodore Cowan2018-12-17
| | | | | | | | | | | | | | | | | | | | | Returns user if user is logged-in to the registry. Returns error if not logged in with non-zero status code. Signed-off-by: Theodore Cowan <theodore-cowan@pluralsight.com>
* | | Merge pull request #2019 from baude/kubeserviceinlineOpenShift Merge Robot2018-12-18
|\ \ \ | |_|/ |/| | generate service object inline
| * | generate service object inlinebaude2018-12-18
| | | | | | | | | | | | | | | | | | | | | no longer require the service object be output to a different file; we should be doing this inline with the pods for user convenience. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2018 from baude/rmiinfraOpenShift Merge Robot2018-12-17
|\ \ \ | |/ / |/| | display proper error when rmi -fa with infra containers
| * | display proper error when rmi -fa with infra containersbaude2018-12-17
| |/ | | | | | | | | | | | | | | | | when deleting infra containers, we were not checking the error of the image deletion and therefore resulting in not reporting the error. Fixes #1991 Signed-off-by: baude <bbaude@redhat.com>
* | Show image only once with images -qTomSweeneyRedHat2018-12-17
| | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #1986 from baude/varlinkendpointsOpenShift Merge Robot2018-12-17
|\ \ | |/ |/| Clean up some existing varlink endpoints
| * Clean up some existing varlink endpointsbaude2018-12-12
| | | | | | | | | | | | | | | | Going through and adding options (like tls-verify, signature option, etc) to some varlink endpoints (like push/pull) many of which had not been updated since their original authoring. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1994 from giuseppe/rootless-mount-allow-only-from-vfsOpenShift Merge Robot2018-12-13
|\ \ | | | | | | mount: allow mount only when using vfs
| * | mount: allow mount only when using vfsGiuseppe Scrivano2018-12-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when using a driver different than vfs, the mount is probably in a different mount namespace thus not accessible from the host. Avoid the confusion by not allowing mount when a different driver is used. Closes: https://github.com/containers/libpod/issues/1964 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | runlabel should sub podman for docker|/usr/bin/dockerbaude2018-12-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Many RH images use a fully-qualified path to docker in their RUN labels. While initially we wanted an exact match for substituting commands, docker is a good exception. Bug #1623282 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #1989 from baude/deletecontainerfailstartOpenShift Merge Robot2018-12-13
|\ \ \ | |/ / |/| | failed containers with --rm should remove themselves
| * | failed containers with --rm should remove themselvesbaude2018-12-12
| |/ | | | | | | | | | | | | | | | | | | when starting or running a container that has --rm, if the starting container fails (like due to an invalid command), the container should get removed. Resolves: #1985 Signed-off-by: baude <bbaude@redhat.com>
* / fix typo in kubernetesbaude2018-12-11
|/ | | | Signed-off-by: baude <bbaude@redhat.com>
* rootless: fix restart when using fuse-overlayfsGiuseppe Scrivano2018-12-11
| | | | | | | | | | With rootless containers we cannot really restart an existing container as we would need to join the mount namespace as well to be able to reuse the storage, so ensure the container is stopped first. Closes: https://github.com/containers/libpod/issues/1965 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* add more example usage to varlink endpointsbaude2018-12-09
| | | | Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1953 from baude/podstoptimeoutOpenShift Merge Robot2018-12-07
|\ | | | | add timeout to pod stop
| * add timeout to pod stopbaude2018-12-07
| | | | | | | | | | | | | | | | like podman stop of containers, we should allow the user to specify a timeout override when stopping pods; otherwise they have to wait the full timeout time specified during the pod/container creation. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1928 from baude/podtokubeOpenShift Merge Robot2018-12-07
|\ \ | |/ |/| generate kube
| * generate kubebaude2018-12-04
| | | | | | | | | | | | | | add the ability to generate kubernetes pod and service yaml representations of libpod containers and pods. Signed-off-by: baude <bbaude@redhat.com>
* | Remove manual handling of insecure registries in (podman search)Miloslav Trmač2018-12-06
| | | | | | | | | | | | Instead, just set SystemRegistriesConfPath and let the transport do it. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | Remove the forceSecure parameter on the pull call stackMiloslav Trmač2018-12-06
| | | | | | | | | | | | | | DockerRegistryOptions.DockerInsecureSkipTLSVerify as an types.OptionalBool can now represent that value, so forceSecure is redundant. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | Remove the forceSecure parameter of Image.PushImageTo*Miloslav Trmač2018-12-06
| | | | | | | | | | | | | | DockerRegistryOptions.DockerInsecureSkipTLSVerify as an types.OptionalBool can now represent that value, so forceSecure is redundant. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | Minimally update for the DockerInsecureSkipTLSVerify type changeMiloslav Trmač2018-12-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following SystemContext.DockerInsecureSkipTLSVerify, make the DockerRegistryOne also an OptionalBool, and update callers. Explicitly document that --tls-verify=true and --tls-verify unset have different behavior in those commands where the behavior changed (or where it hasn't changed but the documentation needed updating). Also make the --tls-verify man page sections a tiny bit more consistent throughout. This is a minimal fix, without changing the existing "--tls-verify=true" paths nor existing manual insecure registry lookups. Signed-off-by: Miloslav Trmač <mitr@redhat.com>