path: root/hack
Commit message (Author, Age)
* podman/libpod: add default AppArmor profile (Valentin Rothberg, 2018-07-11)

  Make users of libpod more secure by adding the libpod/apparmor package to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor come from github.com/moby/moby.

  Also check if a specified AppArmor profile is actually loaded and throw an error if necessary.

  The default profile is loaded only on Linux builds with the `apparmor` buildtag enabled.

  Signed-off-by: Valentin Rothberg <vrothberg@suse.com>

  Closes: #1063
  Approved by: rhatdan

* Makefile: Use 'git diff' to show gofmt changes (W. Trevor King, 2018-07-03)

  This makes fixing errors easier. Before this commit, errors looked like [1]:

      $ make gofmt
      libpod/container_linux.go:1::warning: file is not gofmted with -s (gofmt)
      make: *** [gofmt] Error 1

  But that's not very helpful when your local gofmt thinks the file is fine. With this commit, errors will look like:

      $ make gofmt
      find . -name '*.go' ! -path './vendor/*' -exec gofmt -s -w {} \+
      git diff --exit-code
      diff --git a/libpod/container_internal.go b/libpod/container_internal.go
      index df4de3fe..22b39870 100644
      --- a/libpod/container_internal.go
      +++ b/libpod/container_internal.go
      @@ -1,7 +1,7 @@
       package libpod
       import (
      -"bytes"
      + "bytes"
       "context"
       "encoding/json"
       "fmt"
      make: *** [Makefile:87: gofmt] Error 1

  (or whatever, I just stuffed in a formatting error for demonstration purposes).

  Also remove the helper script in favor of direct Makefile calls, because with Git handling difference reporting and exit status, this becomes a simpler check. find's -exec, !, and -path arguments are specified in POSIX [2].

  [1]: https://travis-ci.org/kubernetes-incubator/cri-o/jobs/331949394#L1075
  [2]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/find.html

  Signed-off-by: W. Trevor King <wking@tremily.us>

  Closes: #1038
  Approved by: rhatdan

* hack/ostree_tag.sh: Fill in OSTree dependencies (W. Trevor King, 2018-06-18)

  Copying the libraries from:

      $ git grep pkg-config vendor/github.com/containers/image/
      vendor/github.com/containers/image/ostree/ostree_dest.go:// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 libselinux
      vendor/github.com/containers/image/ostree/ostree_src.go:// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1

  We need all of those to compile the vendored Go dependency, not just ostree-1.

  Signed-off-by: W. Trevor King <wking@tremily.us>

  Closes: #958
  Approved by: giuseppe

* hack/release.sh: Add a guard against -dev suffixes for argv[2] (W. Trevor King, 2018-06-10)

  Because it's easier to recover from that if we fail early instead of going through and creating a "Bump to v1.2.3-dev-dev" commit, etc.

  Signed-off-by: W. Trevor King <wking@tremily.us>

  Closes: #926
  Approved by: rhatdan

* hack/release.sh: Bump spec in dev_version_commit (W. Trevor King, 2018-06-01)

  Bump it to the next version (without a -dev suffix), based on the precedent set by 70672652 (Bump to v0.6.1-dev, 2018-05-25, #834). Previously I had VERSION there, which was a copy/paste error.

  I've also added an explicit write_spec_version to release_commit. That *should* be a no-op, with the spec version having already been set by the previous release's dev_version_commit. But better to be safe than to cut a release with the wrong version number in the spec file (e.g. maybe we guessed NEXT_VERSION wrong during the last release).

  Signed-off-by: W. Trevor King <wking@tremily.us>

  Closes: #879
  Approved by: mheon

* hack/release.sh: No longer need to bump setup.py (W. Trevor King, 2018-06-01)

  Since 727ecfea (Use Version from spec file in setup.py, 2018-05-18, #807), setup.py has been pulling this from a PODMAN_VERSION environment variable (which can be set in spec files), and there's no need for us to bump it as part of our releases.

  Signed-off-by: W. Trevor King <wking@tremily.us>

  Closes: #879
  Approved by: mheon

* hack/release.sh: Add a release script (W. Trevor King, 2018-05-31)

  Matthew had expressed interest in a lovely release script on IRC. Here's my attempt to encode the changes from the v0.5.4 release branch. I've also added tag signing, so you may be prompted for your passphrase during that step.

  The version scheme for 0.x.y is 0.${month}.${count_that_month} [1]. We could automatically calculate those with a dozen or so lines of shell script, but we don't think that's worth the maintenance burden when it's easy enough for the caller to think them up on their own [2].

  The spec sed also bumps the Python package version to match, which seems like the intended behavior until 1.0 when the Python code will move into its own repository [3].

  [1]: https://github.com/projectatomic/libpod/pull/867#issuecomment-393731907
  [2]: https://github.com/projectatomic/libpod/pull/867#issuecomment-393743295
  [3]: https://github.com/projectatomic/libpod/issues/786#issuecomment-390682012

  Signed-off-by: W. Trevor King <wking@tremily.us>

* Makefile: Drop find-godeps.sh for podman target (W. Trevor King, 2018-05-16)

  We inherited this from a031b83a (Initial checkin from CRI-O repo, 2017-11-01), but:

  * The output is actually going into bin/podman, so Make will rebuild this target every time. You'll never be able to save compilation because the target is newer than all the prerequisites.

  * Make expands prerequisites immediately when loading a Makefile [1], and on my wimpy Chromebook SD Card, this is *slow*:

        $ time hack/find-godeps.sh ~/.local/lib/go/src/github.com/projectatomic/libpod cmd/podman github.com/projectatomic/libpod
        ...
        real 0m56.225s
        user 0m44.918s
        sys 0m21.918s

  * Go is pretty good at this on its own, so having make call 'go build' every time will almost certainly be faster than us trying to mimic this in a shell script.

  And by punting to Go in the recipe, Make invocations that do not need the podman target (e.g. 'make help') can skip the dependency lookup entirely.

  [1]: https://www.gnu.org/software/make/manual/html_node/Reading-Makefiles.html#Rule-Definition

  Signed-off-by: W. Trevor King <wking@tremily.us>

  Closes: #776
  Approved by: rhatdan

* Initial varlink implementation (baude, 2018-04-23)

  Signed-off-by: baude <bbaude@redhat.com>

  Closes: #627
  Approved by: mheon

* Add fix_gofmt target (baude, 2017-12-13)

  fix_gofmt will run gofmt -s -w on files that need to be formatted. Useful for developers prior to checking code in.

  Signed-off-by: baude <bbaude@redhat.com>

  Closes: #125
  Approved by: baude

* Narrow gofmt targets (baude, 2017-11-27)

  Disregard _output for gofmt'ing

  Signed-off-by: baude <bbaude@redhat.com>

  Closes: #77
  Approved by: rhatdan

* Initial checkin from CRI-O repo (Matthew Heon, 2017-11-01)

  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>