summaryrefslogtreecommitdiff
path: root/contrib
Commit message (Collapse)AuthorAge
* [CI:DOCS] Fix multi-arch image docsChris Evich2021-08-10
| | | | | | | | | | The automation workflow was altered in recent history to build images daily, even if the podman version didn't change. This was is necessary so that any updates/security vulnerabilities in ancillary packages are incorporated quickly. However, documentation was never updated to reflect this change. This commit puts the two in sync. Signed-off-by: Chris Evich <cevich@redhat.com>
* Fix handling of shadow-utilsDaniel J Walsh2021-07-24
| | | | | | | | | | | | | | There seems to be a bug in rpm, where it fails silently if you specify rpm --restore --quiet shadow-utils. rpm --restore shadow-utils 2> /dev/null Does the right thing. [NO TESTS NEEDED] Might add tests from buildah, once we have them working correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Just restore protections of shadow-utilsDaniel J Walsh2021-07-19
| | | | | | | | | | Rather then reinstalling shadow-utils to fix permissions, just restore the correct permissions. [NO TESTS NEEDED] Since this does not affect Podman, just the prebuilt images on quay.io/podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* systemd: require network*-online*.targetValentin Rothberg2021-07-16
| | | | | | | | | Require the network to be online in all (generated) systemd units to make sure that containers and Podman run only after the network has been fully configured. Fixes: #10655 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Randomize the auto-update of podman containersrugk2021-07-15
| | | | | | | | | | | | This makes sure, that the podman auto-update is not executed exactly at midnight for the same time always. If many things do the same and many services use this keyword and react at midnight, this can cause a lot of stress to a server. Thus, this adds a 900s/15min delay. As [the arch wiki says](https://wiki.archlinux.org/title/Systemd/Timers#Realtime_timer): > Special event expressions like daily and weekly refer to specific start times and thus any timers sharing such calendar events will start simultaneously. Timers sharing start events can cause poor system performance if the timers' services compete for system resources. The RandomizedDelaySec option in the [Timer] section avoids this problem by randomly staggering the start time of each timer. See systemd.timer(5). Signed-off-by: rugk <rugk+git@posteo.de>
* Make rootless-cni setup more robustPaul Holzinger2021-07-06
| | | | | | | | | | | | | | | | | | | The rootless cni namespace needs a valid /etc/resolv.conf file. On some distros is a symlink to somewhere under /run. Because the kernel will follow the symlink before mounting, it is not possible to mount a file at exactly /etc/resolv.conf. We have to ensure that the link target will be available in the rootless cni mount ns. Fixes #10855 Also fixed a bug in the /var/lib/cni directory lookup logic. It used `filepath.Base` instead of `filepath.Dir` and thus looping infinitely. Fixes #10857 [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* update shell completion scriptsPaul Holzinger2021-07-02
| | | | | | | | | | | | | The new cobra v1.2.0 release brings a number of bug fixes for shell completion scripts. Regenerate the scripts with `make completions` to sync them with the upstream version, currently we have some custom ones to avoid some upstream bugs. Because the new cobra version has all fixes we should use the upstream scripts. Add a check to CI to ensure we always use the up to date scripts. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Cirrus: Fixes due to master->main renameChris Evich2021-06-30
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Makefile: remove install.cniLokesh Mandvekar2021-06-28
| | | | | | | We no longer need to install /etc/cni/net.d/87-podman-bridge.conflist so install.cni isn't needed either. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Add an entry for `/run/user-$UID/libpod` to tmpfilesMatthew Heon2021-06-18
| | | | | | | | | | | | | | | The systemd-tmpfiles configuration is meant preserve important paths in /tmp that are used by Podman against deletion by systemd. However, not all paths we previously used were included. Some older versions used the `/tmp/use-$UID/libpod` directory instead (when `/run/user/$UID` was unavailable). Add an entry for these old paths to ensure tmpfiles treats the directory correctly. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1960948 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #10680 from bburky/dockerfile-volume-permissionsDaniel J Walsh2021-06-15
|\ | | | | Create user storage dir with correct permissions in Dockerfiles
| * Create user storage dir with correct permissionsBlake Burkhart2021-06-14
| | | | | | | | | | | | | | | | Docker VOLUMEs will inherit permissions from an existing directory at the same path. If the path does not exist, the directory will be owned by root which makes this image unusable in rootless mode. Signed-off-by: Blake Burkhart <blake.burkhart@us.af.mil>
* | Restart all containers with restart-policy=always on bootBoaz Shuster2021-06-13
|/ | | | | | | * Add podman-restart systemd unit file and add it to podman RPM package * Fix podman start to filter all containers + unit test Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* Version bump: 3.3.0-devLokesh Mandvekar2021-06-07
| | | | | | Keep master branch version ahead of that on any other branch. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* auto-update service: prune imagesValentin Rothberg2021-05-14
| | | | | | | | | | | | | Extend the systemd auto-update service to prune images after an update has run. As reported by a user [1], auto updates can over time cause the disk to run out of space. With Edge being a target use case, we need to make sure that systems can run without much supervision, so let's make sure to run `podman image prune` to clean up dangling images. [1] https://twitter.com/r_isc_y/status/1388981737011793921 Fixes: #10190 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* fix incorrect log driver in podman container imagePaul Holzinger2021-05-12
| | | | | | | | | Commit 7f2c27d43fc5 added an invalid value for the log_driver in the containers.conf file inside the podman image. Fixes #10312 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #10231 from rhatdan/cleanupOpenShift Merge Robot2021-05-06
|\ | | | | codespell cleanup
| * codespell cleanupDaniel J Walsh2021-05-05
| | | | | | | | | | | | [NO TESTS NEEDED] This is just running codespell on podman Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10227 from cevich/podman_image_docsOpenShift Merge Robot2021-05-05
|\ \ | |/ |/| [CI:DOCS] Minor podmanimage docs updates.
| * Minor podmanimage docs updates.Chris Evich2021-05-05
| | | | | | | | | | | | | | Discovered by review of https://github.com/containers/buildah/pull/3200 Signed-off-by: Chris Evich <cevich@redhat.com>
* | Force log_driver to k8s-file for containers in containersDaniel J Walsh2021-05-04
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Don't require tests for github-actions & metadataChris Evich2021-04-30
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Update container image docs + fix unstable executionChris Evich2021-04-29
| | | | | | | | | | | | | | | | Update the order of image documentation to be from most to least stable. Similarly, avoid depending on execution of upstream podman, when building/pushing. It's easily possible for this build to function but execution to fail due to some partially implemented feature. Also, ensure images tagged `latest` are pushed for every matrix item. For 'upstream' and 'testing', this replaces use of the 'master' tag. Lastly, update workflow comments and split the 'podman' and 'containers' FQIN steps and outputs to improve readability. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Update Ubuntu images to 21.04Chris Evich2021-04-27
| | | | | | | | | | | | | Also simplify `lib.sh` after supporting changes incorporated into automation library 2.x+ (present in all VM and container images). * No need to force-load `/etc/profile` and handle it's expectation to **not** being in `errexit` mode. * Slightly re-arrange loading of automation library files for clarity. * Update comments. Signed-off-by: Chris Evich <cevich@redhat.com>
* Fixes from make codespellDaniel J Walsh2021-04-21
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix build with GO111MODULE=offLokesh Mandvekar2021-04-15
| | | | | | | | | | | | | | | | | | | | Distro builds on Fedora and Kubic projects use GO111MODULE=off by default which are currently failing. This commit fixes it and going forward, podman CI will also indicate failures in rpm builds. The additional LDFLAGS have been removed from the spec file which is not ideal. But, currently we only use the spec file to check if the rpm builds fine. We can fix the LDFLAGS in a later commit when we're working on packit integration. conmon build has also been removed from podman.spec.in because the COPR for which it was provided has been discontinued. [NO TESTS NEEDED] Fixes: #10009 Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* compose test: try to get useful data from flakesEd Santiago2021-04-13
| | | | | | | | | | | | | | | | | | | | docker-compose test continues to flake even after #9961. Let's try to get some useful data from the failures, by: * adding -S (--show-error) to curl. With just -s (--silent), curl is completely quiet. With -S, it displays errors. (Not in TAP form, but I'm OK with that) * oops, adding safety checks to the fix from #9961 (it was inadvertently clobbering the curl exit status) And, as long as I'm in this code: logformatter was not highlighting these results, because the '1..N' TAP line needs to be spit out at the end. Have test-compose emit a 'TAP' header <http://testanything.org/> and make logformatter recognize it. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #9381 from cevich/add_make_releaseOpenShift Merge Robot2021-04-12
|\ | | | | Reorganize and overhaul Makefile & release archive workflows
| * Overhaul Makefile binary and release worflowsChris Evich2021-04-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Incorporate changes from abandoned #9918: Use dedicated `bin` sub-directories for `windows` and `darwin` when building `podman-remote`. The linux flavor remains under `bin` as before. * Fix MacOS Documentation-generation for release-packaging. The `install-podman-remote-%-docs` target requires local execution of `podman-remote`, but it was assuming GOOS=linux. Fix this by dynamically discovering the local OS/architecture type while still permitting cross-building of MacOS binaries under Linux. * Unify temporary directory/file behavior to use a common template. In case of left-over temporary items left in the repository, update the `clean` target accordingly to remove them. * Fix broken podman-remote-static and MacOS release archive targets mismatching the `podman-remote-%` target. Disambiguate this target for all platforms by spelling each out in full, instead of using a wild-card recipe. * Fix Windows-installer target to properly recognize existing output files and not constantly rebuild every time. * Include the podman version number in the Windows-installer target in case a user downloads multiple releases. * Include a subdirectory containing the podman version number for both `tar.gz` and `zip` targets. This prevents users clobbering existing directories when un-archiving from releases. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Exclude .gitignore from test req.Chris Evich2021-04-12
| | | | | | | | | | | | Also sort the explicit files by name, since the list is growing. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Update podman image Dockerfile to support Podman in containerDaniel J Walsh2021-04-12
|/ | | | | | | | | | | | | | | | | | | | [NO TEST NEEDED] Can not test this in CI/CD system since it needs to be merged in order for the Dockerfiles to even work. Modified the /etc/subuid and /etc/subgid to be able to run in rootless containers. The Range can not be the same as on the host. Add /home/podman/.config/containers/containers.conf to automatically mount /proc on /proc while inside of the container. This prevents additional permissions being required that are blocked when not in --privileged mode. Setup volumes for /var/lib/containers and /home/podman/.local/share/containwers This will prevent the errors where people are doing overlay on overlay. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Cirrus: Use Fedora 34beta imagesChris Evich2021-04-07
| | | | | | Also, revert 4875a8fb Signed-off-by: Chris Evich <cevich@redhat.com>
* Exempt Makefile changes from test requirementsChris Evich2021-04-07
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Make use of shared get_ci_vm containerChris Evich2021-04-05
| | | | | | | | | | | Depends on: https://github.com/containers/automation_images/pull/57 https://github.com/containers/automation/pull/64 https://github.com/containers/automation/pull/66 https://github.com/containers/automation/pull/67 https://github.com/containers/automation/pull/68 Signed-off-by: Chris Evich <cevich@redhat.com>
* Add rootless docker-compose test to the CIPaul Holzinger2021-04-01
| | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Remove unused rootless-cni-infra container filesPaul Holzinger2021-04-01
| | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #9795 from mheon/bump_320_devOpenShift Merge Robot2021-03-29
|\ | | | | Bump to v3.2.0-dev
| * Bump to v3.2.0-devMatthew Heon2021-03-29
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | [NO TESTS NEEDED] Turn on podman-remote build --isolationDaniel J Walsh2021-03-26
| | | | | | | | | | | | | | | | | | | | Currently podman only works with --isolation chroot. This PR fixes this by allowing the isolation mode to default to OCI and to also allow users to pass the isolation mode into the containers. The current tests for --isolation should cause this code to be tested. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | [NO TESTS NEEDED] Remove /tmp/containers-users-* files on rebootDaniel J Walsh2021-03-24
|/ | | | | | Helps Fix https://github.com/containers/podman/issues/9765 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* WIP: run buildah bud tests using podmanEd Santiago2021-03-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set of scripts to run buildah's bud.bats test using podman build in podman CI. podman build is not 100% compatible with buildah bud. In particular: * podman defaults to --layers=true; buildah to false * podman defaults to --force-rm=true; buildah to false * podman error exit status is 125; buildah is 2 * differences in error messages, command-line arguments Some of the above can be dealt with programmatically, by tweaking the buildah helpers.bash (BATS helpers). Some need to be tweaked by patching bud.bats itself. This PR includes a patch that will, I fear, need to be periodically maintained over time. There will likely be failures when vendoring in a new buildah, possibly because new tests were added for new features that don't exist in podman, possibly (I hope unlikely) if existing tests are changed in ways that make the patch file fail to apply. I've tried to write good instructions and to write the run script in such a way that it will offer helpful hints on failure. My instructions and code will be imperfect; I hope they will be good enough to merit continued use of this test (possibly with improvements to the instructions as we learn more about real-world failures). Signed-off-by: Ed Santiago <santiago@redhat.com>
* Bump to v3.1.0-devMatthew Heon2021-03-08
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Bump to v3.1.0-rc1v3.1.0-rc1Matthew Heon2021-03-08
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* podman upgrade testsEd Santiago2021-02-23
| | | | | | | | Initial validation of using podman-in-podman to create an old-podman root, then use new-podman to play with the containers created therein. Signed-off-by: Ed Santiago <santiago@redhat.com>
* pr-should-include-tests: recognized "renamed" testsEd Santiago2021-02-22
| | | | | | | | git tries to recognize renamed files. This isn't always as helpful as intended. Turn it off, so we'll always see files as 'A'dded. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #9268 from cevich/podman_monitorOpenShift Merge Robot2021-02-10
|\ | | | | [CI:DOCS] Cirrus: Send cirrus-cron report e-mail to list.
| * Cirrus: Send cirrus-cron report e-mail to list.Chris Evich2021-02-08
| | | | | | | | | | | | | | | | | | This mailing-list was established to allow people to sub/unsub from automated notifications. Add it to the list of destinations picked up by the Github Actions workflow `.github/workflows/check_cirrus_cron.yml`. Signed-off-by: Chris Evich <cevich@redhat.com>
* | hardening flags for fedora rpmbuildsLokesh Mandvekar2021-02-09
|/ | | | | | | | | | | This commit sets the CGO_CFLAGS variable for hardening the Fedora rpm binaries. The flags used are the same as those in the official Fedora rpms. Setting the flags in upstream spec would provide early warnings for flag adjustments or other hardening issues. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Cirrus: Collect ginkgo node logs artifactsChris Evich2021-02-03
| | | | | | | | | | | | | | | | | | | | In rare cases, it's possible for one of the ginkgo processes to "hang". When this occurs, the main output will contain this message: ``Ginkgo timed out waiting for all parallel nodes to report`` The only way to debug this was to look through concatenated printing of the ginkgo node logs. This is a tedious and daunting task, requiring special search knowledge, facing a "wall of text". Simplify the situation by collecting the node logs separately, as individual files in a cirrus-artifact. In this way, it's faster to figure out which test "hung" by examining each log individually. The log file which does not have a pass/fail summary at the end, indicates the last test hung (for whatever reason), and includes it's output (if any). Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #9063 from cevich/master_fix_validateOpenShift Merge Robot2021-01-30
|\ | | | | Cirrus: Fix running Validate task on branches