path: root/hack
Commit message | Author | Age
* get_ci_vm : allow running without sudo | Ed Santiago | 2019-02-13

  More complicated than one would think. The first problem is that, on certain (but not all) Fedora systems, podman cannot mount volumes read-only (issue #2312). This is baffling, and since it's not easily reproducible it's likely that the dev team will not spend much effort on it.

  Workaround: instead of bind-mounting /tmp read-only, bind-mount a *tempdir* (subdirectory) read-write. This is actually cleaner in some ways but it leads to complications with the paths we use and with cleanup.

  Next, allow overriding the default image and allow asking for no sudo:

      export GCLOUD_IMAGE=quay.io/edsantiago/gcloud_centos:latest
      export GCLOUD_SUDO=

  (yes, that's an equal-sign and EOL. Just an empty string).

  The third part, unfortunately, requires a custom image because the as_dollar_user.sh script (the one that runs gcloud in a container) is hardwired in a cevich image and needs tweaks in order to detect rootless and avoid sudo.

  Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: add vendor_check_task | Valentin Rothberg | 2019-02-06

  * Make sure that all vendored dependencies are in sync with the code and the vendor.conf by running `make vendor` with a follow-up status check of the git tree.
  * Vendor ginkgo and gomega to include the test dependencies.

  Signed-off-by: Chris Evic <cevich@redhat.com>
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Cirrus: Consolidate VM image names in one place | Chris Evich | 2019-01-17

  Previously it was not possible to specify keys from the ``env`` section in the various GCE sections. Now that feature is added, consolidate all the cache image definitions into a single place, reducing maintenance burden. This also results in the names passing through into the VMs. This is useful, e.g. for future tracking of image usage statistics.

  Update get_ci_vm script hints for new image name definition format

  Signed-off-by: Chris Evich <cevich@redhat.com>
* [skip ci] Hack: Fix get_ci_vm.sh w/ gcloud ssh/scp | Chris Evich | 2019-01-14

  Previously, using the ssh command directly required obtaining the external IP of the VM and was then subject to the local configuration. If the local configuration and/or ssh keys are incorrect, these commands would fail, preventing automatic setup of the VM.

  Fix this by using the gcloud ssh and scp wrappers. Unfortunately rsync couldn't be made to work in this situation, so use a tarball to transfer the local repository to the VM. Lastly, execute `setup_environment.sh` script, then drop the caller into a bash shell sitting in the remote `$GOSRC` directory.

  Signed-off-by: Chris Evich <cevich@redhat.com>
* add container-init support | Valentin Rothberg | 2019-01-04

  Add support for executing an init binary as PID 1 in a container to forward signals and reap processes. When the `--init` flag is set for podman-create or podman-run, the init binary is bind-mounted to `/dev/init` in the container and "/dev/init --" is prepended to the container's command.

  The default base path of the container-init binary is `/usr/libexec/podman` while the default binary is catatonit [1]. This default can be changed permanently via the `init_path` field in the `libpod.conf` configuration file (which is recommended for packaging) or temporarily via the `--init-path` flag of podman-create and podman-run.

  [1] https://github.com/openSUSE/catatonit

  Fixes: #1670
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add script to create CI VMs for debugging | Chris Evich | 2018-12-14

  Frequently debugging of CI-related problems requires going hands-on within the environment. However, reproducing the environment by hand is very tedious and error prone. This script permits authorized users to produce VMs based on any available cache-image, and automatically remove them upon logout.

  Also: Bump up VM disk sizes to 200GB due to performance reasons

  Signed-off-by: Chris Evich <cevich@redhat.com>
* remove hack/dind | Valentin Rothberg | 2018-10-10

  The docker-in-docker script was needed to run AppArmor tests in Travis, which is not required anymore since Travis isn't being used for a while. Removing the script will also cure some hiccups on some atomic testing nodes.

  Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* AppArmor: runtime check if it's enabled on the host | Valentin Rothberg | 2018-07-23

  Check at runtime if AppArmor is enabled on the host.

  Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
  Closes: #1128
  Approved by: mheon
* build: enable ostree in containers/storage when available | Giuseppe Scrivano | 2018-07-11

  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #1071
  Approved by: rhatdan
* podman/libpod: add default AppArmor profile | Valentin Rothberg | 2018-07-11

  Make users of libpod more secure by adding the libpod/apparmor package to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor come from github.com/moby/moby.

  Also check if a specified AppArmor profile is actually loaded and throw an error if necessary.

  The default profile is loaded only on Linux builds with the `apparmor` buildtag enabled.

  Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
  Closes: #1063
  Approved by: rhatdan
* Makefile: Use 'git diff' to show gofmt changes | W. Trevor King | 2018-07-03

  This makes fixing errors easier. Before this commit, errors looked like [1]:

      $ make gofmt
      libpod/container_linux.go:1::warning: file is not gofmted with -s (gofmt)
      make: *** [gofmt] Error 1

  But that's not very helpful when your local gofmt thinks the file is fine. With this commit, errors will look like:

      $ make gofmt
      find . -name '*.go' ! -path './vendor/*' -exec gofmt -s -w {} \+
      git diff --exit-code
      diff --git a/libpod/container_internal.go b/libpod/container_internal.go index df4de3fe..22b39870 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -1,7 +1,7 @@ package libpod import ( -"bytes" + "bytes" "context" "encoding/json" "fmt"
      make: *** [Makefile:87: gofmt] Error 1

  (or whatever, I just stuffed in a formatting error for demonstration purposes).

  Also remove the helper script in favor of direct Makefile calls, because with Git handling difference reporting and exit status, this becomes a simpler check. find's -exec, !, and -path arguments are specified in POSIX [2].

  [1]: https://travis-ci.org/kubernetes-incubator/cri-o/jobs/331949394#L1075
  [2]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/find.html

  Signed-off-by: W. Trevor King <wking@tremily.us>
  Closes: #1038
  Approved by: rhatdan
* hack/ostree_tag.sh: Fill in OSTree dependencies | W. Trevor King | 2018-06-18

  Copying the libraries from:

      $ git grep pkg-config vendor/github.com/containers/image/
      vendor/github.com/containers/image/ostree/ostree_dest.go:// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 libselinux
      vendor/github.com/containers/image/ostree/ostree_src.go:// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1

  We need all of those to compile the vendored Go dependency, not just ostree-1.

  Signed-off-by: W. Trevor King <wking@tremily.us>
  Closes: #958
  Approved by: giuseppe
* hack/release.sh: Add a guard against -dev suffixes for argv[2] | W. Trevor King | 2018-06-10

  Because it's easier to recover from that if we fail early instead of going through and creating a "Bump to v1.2.3-dev-dev" commit, etc.

  Signed-off-by: W. Trevor King <wking@tremily.us>
  Closes: #926
  Approved by: rhatdan
* hack/release.sh: Bump spec in dev_version_commit | W. Trevor King | 2018-06-01

  Bump it to the next version (without a -dev suffix), based on the precedent set by 70672652 (Bump to v0.6.1-dev, 2018-05-25, #834). Previously I had VERSION there, which was a copy/paste error.

  I've also added an explicit write_spec_version to release_commit. That *should* be a no-op, with the spec version having already been set by the previous release's dev_version_commit. But better to be safe than to cut a release with the wrong version number in the spec file (e.g. maybe we guessed NEXT_VERSION wrong during the last release).

  Signed-off-by: W. Trevor King <wking@tremily.us>
  Closes: #879
  Approved by: mheon
* hack/release.sh: No longer need to bump setup.py | W. Trevor King | 2018-06-01

  Since 727ecfea (Use Version from spec file in setup.py, 2018-05-18, #807), setup.py has been pulling this from a PODMAN_VERSION environment variable (which can be set in spec files), and there's no need for us to bump it as part of our releases.

  Signed-off-by: W. Trevor King <wking@tremily.us>
  Closes: #879
  Approved by: mheon
* hack/release.sh: Add a release script | W. Trevor King | 2018-05-31

  Matthew had expressed interest in a lovely release script on IRC. Here's my attempt to encode the changes from the v0.5.4 release branch. I've also added tag signing, so you may be prompted for your passphrase during that step.

  The version scheme for 0.x.y is 0.${month}.${count_that_month} [1]. We could automatically calculate those with a dozen or so lines of shell script, but we don't think that's worth the maintenance burden when it's easy enough for the caller to think them up on their own [2].

  The spec sed also bumps the Python package version to match, which seems like the intended behavior until 1.0 when the Python code will move into its own repository [3].

  [1]: https://github.com/projectatomic/libpod/pull/867#issuecomment-393731907
  [2]: https://github.com/projectatomic/libpod/pull/867#issuecomment-393743295
  [3]: https://github.com/projectatomic/libpod/issues/786#issuecomment-390682012

  Signed-off-by: W. Trevor King <wking@tremily.us>
* Makefile: Drop find-godeps.sh for podman target | W. Trevor King | 2018-05-16

  We inherited this from a031b83a (Initial checkin from CRI-O repo, 2017-11-01), but:

  * The output is actually going into bin/podman, so Make will rebuild this target every time. You'll never be able to save compilation because the target is newer than all the prerequisites.

  * Make expands prerequisites immediately when loading a Makefile [1], and on my wimpy Chromebook SD Card, this is *slow*:

        $ time hack/find-godeps.sh ~/.local/lib/go/src/github.com/projectatomic/libpod cmd/podman github.com/projectatomic/libpod
        ...
        real 0m56.225s
        user 0m44.918s
        sys 0m21.918s

  * Go is pretty good at this on its own, so having make call 'go build' every time will almost certainly be faster than us trying to mimic this in a shell script.

  And by punting to Go in the recipe, Make invocations that do not need the podman target (e.g. 'make help') can skip the dependency lookup entirely.

  [1]: https://www.gnu.org/software/make/manual/html_node/Reading-Makefiles.html#Rule-Definition

  Signed-off-by: W. Trevor King <wking@tremily.us>
  Closes: #776
  Approved by: rhatdan
* Initial varlink implementation | baude | 2018-04-23

  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #627
  Approved by: mheon
* Add fix_gofmt target | baude | 2017-12-13

  fix_gofmt will run gofmt -s -w on files that need to be formatted. Useful for developers prior to checking code in.

  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #125
  Approved by: baude
* Narrow gofmt targets | baude | 2017-11-27

  Disregard _output for gofmt'ing

  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #77
  Approved by: rhatdan
* Initial checkin from CRI-O repo | Matthew Heon | 2017-11-01

  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>