summaryrefslogtreecommitdiff
path: root/hack
Commit message (Collapse)AuthorAge
* CI check for --help vs man pages: usability fixEd Santiago2019-04-08
| | | | | | | | | | | | | | | | | | | | | The output of this CI script leaves much to be desired: it is output from 'diff' with little clarity on what exactly is wrong. The proper fix is to make the output clear and readable: podman containers --help lists a 'foo' subcommand that is not present in docs/podman-containers.1.md Doing this in bash would take many hours and be fragile gibberish code. This does not seem worth the effort: the likely case is that breakages reported by this script will be due to a newly added subcommand, and the PR author will find it obvious what to do. Ergo, plan B: if the test fails, display a blurb at the end describing how to interpret results. Three minutes' effort, plus five for writing this commit message. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #2433 from cevich/hack_around_homeOpenShift Merge Robot2019-03-27
|\ | | | | [ci skip] get_ci_vm.sh: Fix conflicting homedir files
| * get_ci_vm.sh: Fix conflicting homedir filesChris Evich2019-03-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, the script would bind mount the user's home directory into the container in order to execute gcloud commands. This was done to preserve the `.config/gcloud` directory and new ssh keys in `.ssh`. However, it's possible the user has modified `.bash*` or `.ssh/config` files which do not play nicely with gcloud and/or the container. Fix this by mounting the existing temporary directory on the host, as the user's home directory. Then bind mount in a dedicated `gcloud/ssh` sub-directory, and the libpod repo directory on top. Pre-create the necessary mount-points as the user, so later removal does not require root on the host. The gcloud tool takes minutes to setup/manage its ssh-keys, so preserving that work between runs is a necessary optimization. Similarly, saving the `.gcloud` directory prevents repeatedly going through the lengthy client-auth process. Overall, these changes make the container environment much more selective with the host-side data it has access to use/modify. Preventing unrelated details from getting in the way, and preserving only the bare-minimum of details on the host, between runs. Signed-off-by: Chris Evich <cevich@redhat.com>
* | man pages - consistency fixesEd Santiago2019-03-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-generate and -play had the wrong NAMEs. podman-restart and -volume-prune the wrong SYNOPSIS. All the rest are varying degrees of minor: - missing a space between the NAME and description - multi-line SYNOPSIS that could be collapsed into one - use of UPPER CASE in synopsis instead of *asterisks* - improper use of **double asterisks** for options - varlink and version were transposed in podman-1 - fixed inconsistencies between the description in the man page and that in the parent manpage. These are too numerous for me to fix all. Added: script that could be used in CI to prevent future such inconsistencies. It cannot be enabled yet because there are still 35+ inconsistencies in need of cleaning. This will be difficult to review on github. I suggest pulling the PR and running 'git log -1 -p | cdif | less' 'cdif' is a handy tool for colorizing individual diffs between lines: http://kaz-utashiro.github.io/cdif/ There are other such tools; use your favorite. Comparing without visual highlights may be painful. I also encourage you to run hack/man-page-checker and suggest more fixes for the problems it's finding. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Cirrus: Various fixes for rootless testingChris Evich2019-03-19
| | | | | | | | | | | | | | | | | | * Randomize the user's UID and GID * Simplify `setup_environment.sh` * Support new "-r" option for `hack/get_ci_vm.sh` setting up rootless * Connect as $ROOTLESS_USER when using "-r" with `hack/get_ci_vm.sh` Signed-off-by: Chris Evich <cevich@redhat.com>
* | Enable rootless integration testsbaude2019-03-19
| | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | add podman-healthcheck(1) to podman(1)Ed Santiago2019-03-07
|/ | | | | | | | | | | ...caught by hack/podman-commands.sh script. Which had a little buglet, which I fixed: add a special case for 'help', which neither has nor needs a man page. I believe the podman-commands.sh script is ready to be run in CI, hint hint. Signed-off-by: Ed Santiago <santiago@redhat.com>
* podman-commands script: refactorEd Santiago2019-02-28
| | | | | | | | | | | | | | | | | | | | | | | Make more general-purpose: instead of hardcoding a list of known subcommands, and duplicating sed pipelines for each, rely on 'podman help' itself to tell us which podman commands have subcommands; and examine each in turn. Should there ever be new subcommands, this will identify and test them. A special case is needed for 'podman image trust', whose documentation format doesn't match the others. The change to `common.go` fixes an inconsistency: the Usage message for commands with subcommands had an unnecessary blank line, making it harder to parse automatically. This simply produces consistent Usage messages for all podman commands. This script will not pass until #2480 is merged. After that, the goal is to add this as a CI hook. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Clean up man pages to match commandsDaniel J Walsh2019-02-27
| | | | | | Also add podman-commands.sh to compare man pages to commands. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* hack/tree_status.sh: preserve new linesValentin Rothberg2019-02-20
| | | | | | | | Quote the status output in echo to preserve the new lines. Having the output in one line complicated debugging issues and is not friendly to use. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* get_ci_vm : allow running without sudoEd Santiago2019-02-13
| | | | | | | | | | | | | | | | | | | | | | | | | | More complicated than one would think. The first problem is that, on certain (but not all) Fedora systems, podman cannot mount volumes read-only (issue #2312). This is baffling, and since it's not easily reproducible it's likely that the dev team will not spend much effort on it. Workaround: instead of bind- mounting /tmp read-only, bind-mount a *tempdir* (subdirectory) read-write. This is actually cleaner in some ways but it leads to complications with the paths we use and with cleanup. Next, allow overriding the default image and allow asking for no sudo: export GCLOUD_IMAGE=quay.io/edsantiago/gcloud_centos:latest export GCLOUD_SUDO= (yes, that's an equal-sign and EOL. Just an empty string). The third part, unfortunately, requires a custom image because the as_dollar_user.sh script (the one that runs gcloud in a container) is hardwired in a cevich image and needs tweaks in order to detect rootless and avoid sudo. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: add vendor_check_taskValentin Rothberg2019-02-06
| | | | | | | | | | | * Make sure that all vendored dependencies are in sync with the code and the vendor.conf by running `make vendor` with a follow-up status check of the git tree. * Vendor ginkgo and gomega to include the test dependencies. Signed-off-by: Chris Evic <cevich@redhat.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Cirrus: Consolidate VM image names in once placeChris Evich2019-01-17
| | | | | | | | | | | | | | Previously it was not possible to specify keys from the ``env`` section in the various GCE sections. Now that features is added, consolidate all the cache image definitions into a single place, reducing maintenance burden. This also results in the names passing through into the VMs. This is useful, e.g. for future tracking of image usage statistics. Update get_ci_vm script hints for new image name definition format Signed-off-by: Chris Evich <cevich@redhat.com>
* [skip ci] Hack: Fix get_ci_vm.sh w/ gcloud ssh/scpChris Evich2019-01-14
| | | | | | | | | | | | | | | Previously, using the ssh command directly required obtaining the external IP of the VM and was then subject to the local configuration. If the local configuration and/or ssh keys are incorrect, these commands would fail, preventing automatic setup of the VM. Fix this by using the gcloud ssh and scp wrappers. Unfortunately rsync couldn't be made to work in this situation, so use a tarball to transfer the local repository to the VM. Lastly, execute `setup_environment.sh` script, then drop the caller into a bash shell sitting in the remote `$GOSRC` directory. Signed-off-by: Chris Evich <cevich@redhat.com>
* add container-init supportValentin Rothberg2019-01-04
| | | | | | | | | | | | | | | | | | | Add support for executing an init binary as PID 1 in a container to forward signals and reap processes. When the `--init` flag is set for podman-create or podman-run, the init binary is bind-mounted to `/dev/init` in the container and "/dev/init --" is prepended to the container's command. The default base path of the container-init binary is `/usr/libexec/podman` while the default binary is catatonit [1]. This default can be changed permanently via the `init_path` field in the `libpod.conf` configuration file (which is recommended for packaging) or temporarily via the `--init-path` flag of podman-create and podman-run. [1] https://github.com/openSUSE/catatonit Fixes: #1670 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add script to create CI VMs for debuggingChris Evich2018-12-14
| | | | | | | | | | | | Frequently debugging of CI-related problems requires going hands-on within the environment. However, reproducing the environment by hand is very tedious and error prone. This script permits authorized users to produce VM's based on any available cache-image, and automatically remove them upon logout. Also: Bump up VM disk sizes to 200GB due to performance reasons Signed-off-by: Chris Evich <cevich@redhat.com>
* remove hack/dindValentin Rothberg2018-10-10
| | | | | | | | | The docker-in-docker was script was needed to run AppArmor tests in Travis, which is not required anymore since Travis isn't being used for a while. Removing the script will also cure some hiccups on some atomic testing nodes. Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* AppArmor: runtime check if it's enabled on the hostValentin Rothberg2018-07-23
| | | | | | | | | Check at runtime if AppArmor is enabled on the host. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1128 Approved by: mheon
* build: enable ostree in containers/storage when availableGiuseppe Scrivano2018-07-11
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1071 Approved by: rhatdan
* podman/libpod: add default AppArmor profileValentin Rothberg2018-07-11
| | | | | | | | | | | | | | | | | Make users of libpod more secure by adding the libpod/apparmor package to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor come from github.com/moby/moby. Also check if a specified AppArmor profile is actually loaded and throw an error if necessary. The default profile is loaded only on Linux builds with the `apparmor` buildtag enabled. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1063 Approved by: rhatdan
* Makefile: Use 'git diff' to show gofmt changesW. Trevor King2018-07-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This makes fixing errors easier. Before this commit, errors looked like [1]: $ make gofmt libpod/container_linux.go:1::warning: file is not gofmted with -s (gofmt) make: *** [gofmt] Error 1 But that's not very helpful when your local gofmt thinks the file is fine. With this commit, errors will look like: $ make gofmt find . -name '*.go' ! -path './vendor/*' -exec gofmt -s -w {} \+ git diff --exit-code diff --git a/libpod/container_internal.go b/libpod/container_internal.go index df4de3fe..22b39870 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -1,7 +1,7 @@ package libpod import ( -"bytes" + "bytes" "context" "encoding/json" "fmt" make: *** [Makefile:87: gofmt] Error 1 (or whatever, I just stuffed in a formatting error for demonstration purposes). Also remove the helper script in favor of direct Makefile calls, because with Git handling difference reporting and exit status, this becomes a simpler check. find's -exec, !, and -path arguments are specified in POSIX [2]. [1]: https://travis-ci.org/kubernetes-incubator/cri-o/jobs/331949394#L1075 [2]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/find.html Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1038 Approved by: rhatdan
* hack/ostree_tag.sh: Fill in OSTree dependenciesW. Trevor King2018-06-18
| | | | | | | | | | | | | | | | Copying the libraries from: $ git grep pkg-config vendor/github.com/containers/image/ vendor/github.com/containers/image/ostree/ostree_dest.go:// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 libselinux vendor/github.com/containers/image/ostree/ostree_src.go:// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 We need all of those to compile the vendored Go dependency, not just ostree-1. Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #958 Approved by: giuseppe
* hack/release.sh: Add a guard against -dev suffixes for argv[2]W. Trevor King2018-06-10
| | | | | | | | | | Because it's easier to recover from that if we fail early instead of going through and creating a "Bump to v1.2.3-dev-dev" commit, etc. Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #926 Approved by: rhatdan
* hack/release.sh: Bump spec in dev_version_commitW. Trevor King2018-06-01
| | | | | | | | | | | | | | | | | | Bump it to the next version (without a -dev suffix), based on the precedent set by 70672652 (Bump to v0.6.1-dev, 2018-05-25, #834). Previously I had VERSION there, which was a copy/paste error. I've also added an explicit write_spec_version to release_commit. That *should* be a no-op, with the spec version having already been set by the previous release's dev_version_commit. But better to be safe than to cut a release with the wrong version number in the spec file (e.g. maybe we guessed NEXT_VERSION wrong during the last release). Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #879 Approved by: mheon
* hack/release.sh: No longer need to bump setup.pyW. Trevor King2018-06-01
| | | | | | | | | | | | Since 727ecfea (Use Version from spec file in setup.py, 2018-05-18, #807), setup.py has been pulling this from a PODMAN_VERSION environment variable (which can be set in spec files), and there's no need for us to bump it as part of our releases. Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #879 Approved by: mheon
* hack/release.sh: Add a release scriptW. Trevor King2018-05-31
| | | | | | | | | | | | | | | | | | | | | | | Matthew had expressed interest in a lovely release script on IRC. Here's my attempt to encode the changes from the v0.5.4 release branch. I've also added tag signing, so you may be prompted for your passphrase during that step. The version scheme for 0.x.y is 0.${month}.${count_that_month} [1]. We could automatically calculate those with a dozen or so lines of shell script, but we don't think that's worth the maintenance burden when it's easy enough for the caller to think them up on their own [2]. The spec sed also bumps the Python package version to match, which seems like the intended behavior until 1.0 when the Python code will move into its own repository [3]. [1]: https://github.com/projectatomic/libpod/pull/867#issuecomment-393731907 [2]: https://github.com/projectatomic/libpod/pull/867#issuecomment-393743295 [3]: https://github.com/projectatomic/libpod/issues/786#issuecomment-390682012 Signed-off-by: W. Trevor King <wking@tremily.us>
* Makefile: Drop find-godeps.sh for podman targetW. Trevor King2018-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We inherited this from a031b83a (Initial checkin from CRI-O repo, 2017-11-01), but: * The output is actually going into bin/podman, so Make will rebuild this target every time. You'll never be able to save compilation because the target is newer than all the prerequisites. * Make expands prerequisites immediately when loading a Makefile [1], and on my wimpy Chromebook SD Card, this is *slow*: $ time hack/find-godeps.sh ~/.local/lib/go/src/github.com/projectatomic/libpod cmd/podman github.com/projectatomic/libpod ... real 0m56.225s user 0m44.918s sys 0m21.918s * Go is pretty good at this on its own, so having make call 'go build' every time will almost certainly be faster than us trying to mimic this in a shell script. And by punting to Go in the recipe, Make invocations that do not need the podman target (e.g. 'make help') can skip the dependency lookup entirely. [1]: https://www.gnu.org/software/make/manual/html_node/Reading-Makefiles.html#Rule-Definition Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #776 Approved by: rhatdan
* Initial varlink implementationbaude2018-04-23
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #627 Approved by: mheon
* Add fix_gofmt targetbaude2017-12-13
| | | | | | | | | | | fix_gofmt will run gofmt -s -w on files that need to be formatted. Useful for developers prior to checking code in. Signed-off-by: baude <bbaude@redhat.com> Closes: #125 Approved by: baude
* Narrow gofmt targetsbaude2017-11-27
| | | | | | | | | Disregard _output for gofmt'ing Signed-off-by: baude <bbaude@redhat.com> Closes: #77 Approved by: rhatdan
* Initial checkin from CRI-O repoMatthew Heon2017-11-01
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>