| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
The automation workflow was altered in recent history to build images
daily, even if the podman version didn't change. This was is necessary
so that any updates/security vulnerabilities in ancillary packages are
incorporated quickly. However, documentation was never updated to
reflect this change. This commit puts the two in sync.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There seems to be a bug in rpm, where it fails silently if you specify
rpm --restore --quiet shadow-utils.
rpm --restore shadow-utils 2> /dev/null
Does the right thing.
[NO TESTS NEEDED] Might add tests from buildah, once we have them
working correctly.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Rather then reinstalling shadow-utils to fix permissions,
just restore the correct permissions.
[NO TESTS NEEDED] Since this does not affect Podman, just the prebuilt
images on quay.io/podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Require the network to be online in all (generated) systemd units to
make sure that containers and Podman run only after the network has been
fully configured.
Fixes: #10655
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes sure, that the podman auto-update is not executed exactly at midnight for the same time always.
If many things do the same and many services use this keyword and react at midnight, this can cause a lot of stress to a server.
Thus, this adds a 900s/15min delay.
As [the arch wiki says](https://wiki.archlinux.org/title/Systemd/Timers#Realtime_timer):
> Special event expressions like daily and weekly refer to specific start times and thus any timers sharing such calendar events will start simultaneously. Timers sharing start events can cause poor system performance if the timers' services compete for system resources. The RandomizedDelaySec option in the [Timer] section avoids this problem by randomly staggering the start time of each timer. See systemd.timer(5).
Signed-off-by: rugk <rugk+git@posteo.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rootless cni namespace needs a valid /etc/resolv.conf file. On some
distros is a symlink to somewhere under /run. Because the kernel will
follow the symlink before mounting, it is not possible to mount a file
at exactly /etc/resolv.conf. We have to ensure that the link target will
be available in the rootless cni mount ns.
Fixes #10855
Also fixed a bug in the /var/lib/cni directory lookup logic. It used
`filepath.Base` instead of `filepath.Dir` and thus looping infinitely.
Fixes #10857
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new cobra v1.2.0 release brings a number of bug fixes for shell
completion scripts. Regenerate the scripts with `make completions`
to sync them with the upstream version, currently we have some custom
ones to avoid some upstream bugs. Because the new cobra version has
all fixes we should use the upstream scripts.
Add a check to CI to ensure we always use the up to date scripts.
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
| |
We no longer need to install /etc/cni/net.d/87-podman-bridge.conflist
so install.cni isn't needed either.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The systemd-tmpfiles configuration is meant preserve important
paths in /tmp that are used by Podman against deletion by
systemd. However, not all paths we previously used were included.
Some older versions used the `/tmp/use-$UID/libpod` directory
instead (when `/run/user/$UID` was unavailable).
Add an entry for these old paths to ensure tmpfiles treats the
directory correctly.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1960948
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\
| |
| | |
Create user storage dir with correct permissions in Dockerfiles
|
| |
| |
| |
| |
| |
| |
| |
| | |
Docker VOLUMEs will inherit permissions from an existing directory at the same
path. If the path does not exist, the directory will be owned by root which
makes this image unusable in rootless mode.
Signed-off-by: Blake Burkhart <blake.burkhart@us.af.mil>
|
|/
|
|
|
|
|
| |
* Add podman-restart systemd unit file and add it to podman RPM package
* Fix podman start to filter all containers + unit test
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
|
|
|
|
|
| |
Keep master branch version ahead of that on any other branch.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extend the systemd auto-update service to prune images after an update
has run. As reported by a user [1], auto updates can over time cause
the disk to run out of space. With Edge being a target use case, we
need to make sure that systems can run without much supervision, so
let's make sure to run `podman image prune` to clean up dangling images.
[1] https://twitter.com/r_isc_y/status/1388981737011793921
Fixes: #10190
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Commit 7f2c27d43fc5 added an invalid value for the log_driver in the
containers.conf file inside the podman image.
Fixes #10312
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\
| |
| | |
codespell cleanup
|
| |
| |
| |
| |
| |
| | |
[NO TESTS NEEDED] This is just running codespell on podman
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
[CI:DOCS] Minor podmanimage docs updates.
|
| |
| |
| |
| |
| |
| |
| | |
Discovered by review of
https://github.com/containers/buildah/pull/3200
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|/
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the order of image documentation to be from most to least stable.
Similarly, avoid depending on execution of upstream podman, when
building/pushing. It's easily possible for this build to function but
execution to fail due to some partially implemented feature.
Also, ensure images tagged `latest` are pushed for every matrix
item. For 'upstream' and 'testing', this replaces use of the
'master' tag.
Lastly, update workflow comments and split the 'podman' and 'containers'
FQIN steps and outputs to improve readability.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also simplify `lib.sh` after supporting changes incorporated
into automation library 2.x+ (present in all VM and container images).
* No need to force-load `/etc/profile` and handle it's expectation
to **not** being in `errexit` mode.
* Slightly re-arrange loading of automation library files for
clarity.
* Update comments.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Distro builds on Fedora and Kubic projects use GO111MODULE=off
by default which are currently failing. This commit fixes it and
going forward, podman CI will also indicate failures in rpm builds.
The additional LDFLAGS have been removed from the spec file
which is not ideal. But, currently we only use the spec file
to check if the rpm builds fine. We can fix the LDFLAGS in a
later commit when we're working on packit integration.
conmon build has also been removed from podman.spec.in because the COPR
for which it was provided has been discontinued.
[NO TESTS NEEDED]
Fixes: #10009
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
docker-compose test continues to flake even after #9961.
Let's try to get some useful data from the failures, by:
* adding -S (--show-error) to curl. With just -s (--silent),
curl is completely quiet. With -S, it displays errors.
(Not in TAP form, but I'm OK with that)
* oops, adding safety checks to the fix from #9961 (it
was inadvertently clobbering the curl exit status)
And, as long as I'm in this code: logformatter was not
highlighting these results, because the '1..N' TAP line
needs to be spit out at the end. Have test-compose emit
a 'TAP' header <http://testanything.org/> and make
logformatter recognize it.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\
| |
| | |
Reorganize and overhaul Makefile & release archive workflows
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Incorporate changes from abandoned #9918: Use dedicated `bin`
sub-directories for `windows` and `darwin` when building
`podman-remote`. The linux flavor remains under `bin` as before.
* Fix MacOS Documentation-generation for release-packaging.
The `install-podman-remote-%-docs` target requires local execution
of `podman-remote`, but it was assuming GOOS=linux. Fix this
by dynamically discovering the local OS/architecture type while
still permitting cross-building of MacOS binaries under Linux.
* Unify temporary directory/file behavior to use a common template.
In case of left-over temporary items left in the repository,
update the `clean` target accordingly to remove them.
* Fix broken podman-remote-static and MacOS release archive targets
mismatching the `podman-remote-%` target. Disambiguate this target
for all platforms by spelling each out in full, instead of using
a wild-card recipe.
* Fix Windows-installer target to properly recognize existing
output files and not constantly rebuild every time.
* Include the podman version number in the Windows-installer target
in case a user downloads multiple releases.
* Include a subdirectory containing the podman version number for
both `tar.gz` and `zip` targets. This prevents users clobbering
existing directories when un-archiving from releases.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Also sort the explicit files by name, since the list is growing.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[NO TEST NEEDED] Can not test this in CI/CD system since it needs to be
merged in order for the Dockerfiles to even work.
Modified the /etc/subuid and /etc/subgid to be able to run in rootless
containers. The Range can not be the same as on the host.
Add /home/podman/.config/containers/containers.conf to automatically
mount /proc on /proc while inside of the container. This prevents
additional permissions being required that are blocked when not in
--privileged mode.
Setup volumes for /var/lib/containers and
/home/podman/.local/share/containwers
This will prevent the errors where people are doing overlay on overlay.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
| |
Also, revert 4875a8fb
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Depends on:
https://github.com/containers/automation_images/pull/57
https://github.com/containers/automation/pull/64
https://github.com/containers/automation/pull/66
https://github.com/containers/automation/pull/67
https://github.com/containers/automation/pull/68
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|
|
|
| |
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\
| |
| | |
Bump to v3.2.0-dev
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently podman only works with --isolation chroot. This PR
fixes this by allowing the isolation mode to default to OCI and to
also allow users to pass the isolation mode into the containers.
The current tests for --isolation should cause this code to be tested.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
| |
Helps Fix https://github.com/containers/podman/issues/9765
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set of scripts to run buildah's bud.bats test using
podman build in podman CI.
podman build is not 100% compatible with buildah bud.
In particular:
* podman defaults to --layers=true; buildah to false
* podman defaults to --force-rm=true; buildah to false
* podman error exit status is 125; buildah is 2
* differences in error messages, command-line arguments
Some of the above can be dealt with programmatically,
by tweaking the buildah helpers.bash (BATS helpers).
Some need to be tweaked by patching bud.bats itself.
This PR includes a patch that will, I fear, need to
be periodically maintained over time.
There will likely be failures when vendoring in a
new buildah, possibly because new tests were added
for new features that don't exist in podman, possibly
(I hope unlikely) if existing tests are changed in
ways that make the patch file fail to apply. I've
tried to write good instructions and to write the run
script in such a way that it will offer helpful hints
on failure. My instructions and code will be imperfect;
I hope they will be good enough to merit continued use
of this test (possibly with improvements to the instructions
as we learn more about real-world failures).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
|
|
| |
Initial validation of using podman-in-podman to create an
old-podman root, then use new-podman to play with the
containers created therein.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
|
|
|
|
|
|
| |
git tries to recognize renamed files. This isn't always
as helpful as intended. Turn it off, so we'll always see
files as 'A'dded.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\
| |
| | |
[CI:DOCS] Cirrus: Send cirrus-cron report e-mail to list.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This mailing-list was established to allow people to sub/unsub from
automated notifications. Add it to the list of destinations picked up
by the Github Actions workflow
`.github/workflows/check_cirrus_cron.yml`.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
| |
This commit sets the CGO_CFLAGS variable for hardening the Fedora rpm
binaries.
The flags used are the same as those in the official Fedora rpms.
Setting the flags in upstream spec would provide early warnings for
flag adjustments or other hardening issues.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In rare cases, it's possible for one of the ginkgo processes to "hang".
When this occurs, the main output will contain this message:
``Ginkgo timed out waiting for all parallel nodes to report``
The only way to debug this was to look through concatenated printing
of the ginkgo node logs. This is a tedious and daunting task,
requiring special search knowledge, facing a "wall of text".
Simplify the situation by collecting the node logs separately, as
individual files in a cirrus-artifact. In this way, it's faster to
figure out which test "hung" by examining each log individually. The
log file which does not have a pass/fail summary at the end,
indicates the last test hung (for whatever reason), and includes it's
output (if any).
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\
| |
| | |
Cirrus: Fix running Validate task on branches
|