summaryrefslogtreecommitdiff
path: root/contrib
Commit message (Collapse)AuthorAge
* Move the chown to after the ADDsDaniel J Walsh2021-12-06
| | | | | | | | I have noticed that the containers.conf file in the /home/podman directory is owned by root and not Podman. This change fixes the ownership. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* systemd: replace multi-user with default.targetValentin Rothberg2021-12-01
| | | | | | | | | | | | Replace multi-user.target with default.target across the code base. It seems like the multi-user one is not available for (rootless) users on F35 anymore is causing issues in all kinds of ways, for instance, enabling the podman.service or generated systemd units. Backport of commit 9a10e2124bb11027fc71db4c495c116277b8b7e3. Fixes: #12438 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* fix CIValentin Rothberg2021-11-22
| | | | | | | | | | | | | | [Backport #12343, which fixes the change in fedora-minimal image] Our fedora-minimal image on Quay bases on fedora-minimal:latest which starting with F35 removed a number of binaries that our CI depends on. Fix that by pulling `fedora-minimal:34` from the Fedora registry directly. Once the build bot on Quay has been disabled, we move the image over there to make sure that it will not change over time. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Bump to v3.4.3-devMatthew Heon2021-11-12
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* VOLUME must be declared after RUN chown commandJindrich Novy2021-11-12
| | | | | | | | | | Podman and Docker will not commit changes via RUN command of a VOLUME directory, so we need to chown path first. Not doing do will cause: https://bugzilla.redhat.com/show_bug.cgi?id=2009266 Signed-off-by: Jindrich Novy <jnovy@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Minor test tweaksEd Santiago2021-11-12
| | | | | | | | | | - remove 'NO TESTS NEEDED' as a valid bypass string. Henceforth only 'NO NEW TESTS NEEDED' will work. - add a debugging aid for #11871, in which bodhi tests time out in nslookup. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: Authorize rootless user self-sshChris Evich2021-11-12
| | | | | | | | | | | Future testing needs dictate rootless (in addition to root) users are able to ssh to localhost. Add ssh-key generation commands for the rootless user, and authorize their public key. Minor: Also remove update of `/etc/sub{uid,gid}` files, since this is now done automatically by `{user,group}add` commands. Signed-off-by: Chris Evich <cevich@redhat.com>
* systemd: compatible with rootless modeEaston Man2021-11-12
| | | | | | | - change the type to forking to allow fork. - add default.target for user systemd service Signed-off-by: Easton Man <manyang.me@outlook.com>
* Bump to v3.4.2-devMatthew Heon2021-10-19
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add podman-plugins to upstream imageMatthew Mosesohn2021-10-19
| | | | | | | | Fixes #11380 Replaces https://github.com/containers/podman/pull/11385 Originally subbmitted by @mattymo Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* It really should be no **NEW** tests neededEd Santiago2021-10-19
| | | | | | | | | | | | Accept both "NO TESTS NEEDED" and "NO NEW TESTS NEEDED". That was a usability mistake I made on Day One. Fixed it in Buildah but oops never got around to fixing it here. Also, fix the test suite script: remove a no-longer-working test case (changelog.txt, removed in #11467) and add a new test for commits that include the magic string. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Bump to v3.4.1-devMatthew Heon2021-09-30
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Bump to v3.4.0-rc1v3.4.0-rc1Matthew Heon2021-09-16
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Remove changelog.txt from the repositoryjesperpedersen2021-09-07
| | | | | | | | | | | The changelog.txt file hasn't been kept in sync with release tags, especially on main, so remove it. The release notes will be featured in RELEASE_NOTES.md. Signed-off-by: jesperpedersen <jesper.pedersen@redhat.com> [NO TESTS NEEDED]
* Cirrus: Confirm CGv1 / CGv2 VM expectationsChris Evich2021-08-18
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Fix AVC denials in tests of volume mountsChris Evich2021-08-18
| | | | | | | | | This becomes a problem on hosts with upgraded policies. Ref: https://github.com/containers/podman/issues/10522 Also, made a small change to compose-test setup to reduce runtime. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #11169 from cevich/enable_docker_py_testingopenshift-ci[bot]2021-08-16
|\ | | | | Enable docker-py compat. testing w/ ignored result
| * Enable docker-py compat. testing w/ ignored resultChris Evich2021-08-09
| | | | | | | | | | | | | | | | | | | | Significant bitrot results in almost immediate test failure. This commit adds only the very basic, bare-minimum needed to get them started. ***TESTING RESULTS ARE IGNORED*** Signed-off-by: Chris Evich <cevich@redhat.com>
* | [CI:DOCS] Fix multi-arch image docsChris Evich2021-08-10
|/ | | | | | | | | | The automation workflow was altered in recent history to build images daily, even if the podman version didn't change. This was is necessary so that any updates/security vulnerabilities in ancillary packages are incorporated quickly. However, documentation was never updated to reflect this change. This commit puts the two in sync. Signed-off-by: Chris Evich <cevich@redhat.com>
* Fix handling of shadow-utilsDaniel J Walsh2021-07-24
| | | | | | | | | | | | | | There seems to be a bug in rpm, where it fails silently if you specify rpm --restore --quiet shadow-utils. rpm --restore shadow-utils 2> /dev/null Does the right thing. [NO TESTS NEEDED] Might add tests from buildah, once we have them working correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Just restore protections of shadow-utilsDaniel J Walsh2021-07-19
| | | | | | | | | | Rather then reinstalling shadow-utils to fix permissions, just restore the correct permissions. [NO TESTS NEEDED] Since this does not affect Podman, just the prebuilt images on quay.io/podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* systemd: require network*-online*.targetValentin Rothberg2021-07-16
| | | | | | | | | Require the network to be online in all (generated) systemd units to make sure that containers and Podman run only after the network has been fully configured. Fixes: #10655 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Randomize the auto-update of podman containersrugk2021-07-15
| | | | | | | | | | | | This makes sure, that the podman auto-update is not executed exactly at midnight for the same time always. If many things do the same and many services use this keyword and react at midnight, this can cause a lot of stress to a server. Thus, this adds a 900s/15min delay. As [the arch wiki says](https://wiki.archlinux.org/title/Systemd/Timers#Realtime_timer): > Special event expressions like daily and weekly refer to specific start times and thus any timers sharing such calendar events will start simultaneously. Timers sharing start events can cause poor system performance if the timers' services compete for system resources. The RandomizedDelaySec option in the [Timer] section avoids this problem by randomly staggering the start time of each timer. See systemd.timer(5). Signed-off-by: rugk <rugk+git@posteo.de>
* Make rootless-cni setup more robustPaul Holzinger2021-07-06
| | | | | | | | | | | | | | | | | | | The rootless cni namespace needs a valid /etc/resolv.conf file. On some distros is a symlink to somewhere under /run. Because the kernel will follow the symlink before mounting, it is not possible to mount a file at exactly /etc/resolv.conf. We have to ensure that the link target will be available in the rootless cni mount ns. Fixes #10855 Also fixed a bug in the /var/lib/cni directory lookup logic. It used `filepath.Base` instead of `filepath.Dir` and thus looping infinitely. Fixes #10857 [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* update shell completion scriptsPaul Holzinger2021-07-02
| | | | | | | | | | | | | The new cobra v1.2.0 release brings a number of bug fixes for shell completion scripts. Regenerate the scripts with `make completions` to sync them with the upstream version, currently we have some custom ones to avoid some upstream bugs. Because the new cobra version has all fixes we should use the upstream scripts. Add a check to CI to ensure we always use the up to date scripts. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Cirrus: Fixes due to master->main renameChris Evich2021-06-30
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Makefile: remove install.cniLokesh Mandvekar2021-06-28
| | | | | | | We no longer need to install /etc/cni/net.d/87-podman-bridge.conflist so install.cni isn't needed either. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Add an entry for `/run/user-$UID/libpod` to tmpfilesMatthew Heon2021-06-18
| | | | | | | | | | | | | | | The systemd-tmpfiles configuration is meant preserve important paths in /tmp that are used by Podman against deletion by systemd. However, not all paths we previously used were included. Some older versions used the `/tmp/use-$UID/libpod` directory instead (when `/run/user/$UID` was unavailable). Add an entry for these old paths to ensure tmpfiles treats the directory correctly. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1960948 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #10680 from bburky/dockerfile-volume-permissionsDaniel J Walsh2021-06-15
|\ | | | | Create user storage dir with correct permissions in Dockerfiles
| * Create user storage dir with correct permissionsBlake Burkhart2021-06-14
| | | | | | | | | | | | | | | | Docker VOLUMEs will inherit permissions from an existing directory at the same path. If the path does not exist, the directory will be owned by root which makes this image unusable in rootless mode. Signed-off-by: Blake Burkhart <blake.burkhart@us.af.mil>
* | Restart all containers with restart-policy=always on bootBoaz Shuster2021-06-13
|/ | | | | | | * Add podman-restart systemd unit file and add it to podman RPM package * Fix podman start to filter all containers + unit test Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* Version bump: 3.3.0-devLokesh Mandvekar2021-06-07
| | | | | | Keep master branch version ahead of that on any other branch. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* auto-update service: prune imagesValentin Rothberg2021-05-14
| | | | | | | | | | | | | Extend the systemd auto-update service to prune images after an update has run. As reported by a user [1], auto updates can over time cause the disk to run out of space. With Edge being a target use case, we need to make sure that systems can run without much supervision, so let's make sure to run `podman image prune` to clean up dangling images. [1] https://twitter.com/r_isc_y/status/1388981737011793921 Fixes: #10190 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* fix incorrect log driver in podman container imagePaul Holzinger2021-05-12
| | | | | | | | | Commit 7f2c27d43fc5 added an invalid value for the log_driver in the containers.conf file inside the podman image. Fixes #10312 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #10231 from rhatdan/cleanupOpenShift Merge Robot2021-05-06
|\ | | | | codespell cleanup
| * codespell cleanupDaniel J Walsh2021-05-05
| | | | | | | | | | | | [NO TESTS NEEDED] This is just running codespell on podman Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10227 from cevich/podman_image_docsOpenShift Merge Robot2021-05-05
|\ \ | |/ |/| [CI:DOCS] Minor podmanimage docs updates.
| * Minor podmanimage docs updates.Chris Evich2021-05-05
| | | | | | | | | | | | | | Discovered by review of https://github.com/containers/buildah/pull/3200 Signed-off-by: Chris Evich <cevich@redhat.com>
* | Force log_driver to k8s-file for containers in containersDaniel J Walsh2021-05-04
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Don't require tests for github-actions & metadataChris Evich2021-04-30
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Update container image docs + fix unstable executionChris Evich2021-04-29
| | | | | | | | | | | | | | | | Update the order of image documentation to be from most to least stable. Similarly, avoid depending on execution of upstream podman, when building/pushing. It's easily possible for this build to function but execution to fail due to some partially implemented feature. Also, ensure images tagged `latest` are pushed for every matrix item. For 'upstream' and 'testing', this replaces use of the 'master' tag. Lastly, update workflow comments and split the 'podman' and 'containers' FQIN steps and outputs to improve readability. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Update Ubuntu images to 21.04Chris Evich2021-04-27
| | | | | | | | | | | | | Also simplify `lib.sh` after supporting changes incorporated into automation library 2.x+ (present in all VM and container images). * No need to force-load `/etc/profile` and handle it's expectation to **not** being in `errexit` mode. * Slightly re-arrange loading of automation library files for clarity. * Update comments. Signed-off-by: Chris Evich <cevich@redhat.com>
* Fixes from make codespellDaniel J Walsh2021-04-21
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix build with GO111MODULE=offLokesh Mandvekar2021-04-15
| | | | | | | | | | | | | | | | | | | | Distro builds on Fedora and Kubic projects use GO111MODULE=off by default which are currently failing. This commit fixes it and going forward, podman CI will also indicate failures in rpm builds. The additional LDFLAGS have been removed from the spec file which is not ideal. But, currently we only use the spec file to check if the rpm builds fine. We can fix the LDFLAGS in a later commit when we're working on packit integration. conmon build has also been removed from podman.spec.in because the COPR for which it was provided has been discontinued. [NO TESTS NEEDED] Fixes: #10009 Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* compose test: try to get useful data from flakesEd Santiago2021-04-13
| | | | | | | | | | | | | | | | | | | | docker-compose test continues to flake even after #9961. Let's try to get some useful data from the failures, by: * adding -S (--show-error) to curl. With just -s (--silent), curl is completely quiet. With -S, it displays errors. (Not in TAP form, but I'm OK with that) * oops, adding safety checks to the fix from #9961 (it was inadvertently clobbering the curl exit status) And, as long as I'm in this code: logformatter was not highlighting these results, because the '1..N' TAP line needs to be spit out at the end. Have test-compose emit a 'TAP' header <http://testanything.org/> and make logformatter recognize it. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #9381 from cevich/add_make_releaseOpenShift Merge Robot2021-04-12
|\ | | | | Reorganize and overhaul Makefile & release archive workflows
| * Overhaul Makefile binary and release worflowsChris Evich2021-04-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Incorporate changes from abandoned #9918: Use dedicated `bin` sub-directories for `windows` and `darwin` when building `podman-remote`. The linux flavor remains under `bin` as before. * Fix MacOS Documentation-generation for release-packaging. The `install-podman-remote-%-docs` target requires local execution of `podman-remote`, but it was assuming GOOS=linux. Fix this by dynamically discovering the local OS/architecture type while still permitting cross-building of MacOS binaries under Linux. * Unify temporary directory/file behavior to use a common template. In case of left-over temporary items left in the repository, update the `clean` target accordingly to remove them. * Fix broken podman-remote-static and MacOS release archive targets mismatching the `podman-remote-%` target. Disambiguate this target for all platforms by spelling each out in full, instead of using a wild-card recipe. * Fix Windows-installer target to properly recognize existing output files and not constantly rebuild every time. * Include the podman version number in the Windows-installer target in case a user downloads multiple releases. * Include a subdirectory containing the podman version number for both `tar.gz` and `zip` targets. This prevents users clobbering existing directories when un-archiving from releases. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Exclude .gitignore from test req.Chris Evich2021-04-12
| | | | | | | | | | | | Also sort the explicit files by name, since the list is growing. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Update podman image Dockerfile to support Podman in containerDaniel J Walsh2021-04-12
|/ | | | | | | | | | | | | | | | | | | | [NO TEST NEEDED] Can not test this in CI/CD system since it needs to be merged in order for the Dockerfiles to even work. Modified the /etc/subuid and /etc/subgid to be able to run in rootless containers. The Range can not be the same as on the host. Add /home/podman/.config/containers/containers.conf to automatically mount /proc on /proc while inside of the container. This prevents additional permissions being required that are blocked when not in --privileged mode. Setup volumes for /var/lib/containers and /home/podman/.local/share/containwers This will prevent the errors where people are doing overlay on overlay. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Cirrus: Use Fedora 34beta imagesChris Evich2021-04-07
| | | | | | Also, revert 4875a8fb Signed-off-by: Chris Evich <cevich@redhat.com>