| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Sigstore sign
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Allow creating sigstore signatures via --sign-by-sigstore-private-key .
Like existing --sign-by, it does not work remote (in this case
because we would have to copy the private key to the server).
- Allow passing a passphrase (which is mandatory for sigstore private keys)
via --sign-passphrase-file; if it is not provided, prompt interactively.
- Also, use that passphrase for --sign-by as well, allowing non-interactive
GPG use. (But --sign-passphrase-file can only be used with _one of_
--sign-by and --sign-by-sigstore-private-key.)
Note that unlike the existing code, (podman build) does not yet
implement sigstore (I'm not sure why it needs to, it seems not to
push images?) because Buildah does not expose the feature yet.
Also, (podman image sign) was not extended to support sigstore.
The test for this follows existing (podman image sign) tests
and doesn't work rootless; that could be improved by exposing
a registries.d override option.
The test for push is getting large; I didn't want to
start yet another registry container, but that would be an
alternative. In the future, Ginkgo's Ordered/BeforeAll
would allow starting a registry once and using it for two
tests.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
local/remote mode.
Also Fix usage of flag "--compression-format" for remote "podman image push". Fix usage of flags "--format", "--remove-signatures" in remote "podman manifest push".
Closes #15109.
Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
|
|
|
|
|
|
| |
Fixes https://github.com/containers/podman/issues/15049
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Fix: manifest push --rm removes a correct manifest list
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This bug is reproduced when we execute the following command:
1. podman manifest add <manifest list> <images exist on local storage>
2. podman manifest push --rm <manifest list> dir:<directory>
If pushing succeeds, it is expected to remove only a manifest list.
However, manifest list remains on local storage and images are removed.
This commit fixes `podman manifest push --rm` to remove only a manifest list.
And, supports `manifest push --rm option` in remote environment,
like host environment.
Fixes: https://github.com/containers/podman/issues/15033
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
|/
|
|
|
|
|
|
|
| |
network and container prune could not handle the label!=... filter. vendor in c/common to fix this and
add some podman level handling to make everything run smoothly
resolves #14182
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
|\
| |
| | |
Add pause/unpause --latest, --cidfile, --filter
|
| |
| |
| |
| |
| |
| |
| |
| | |
--latest : pause/unpause the latest container.
--filter : pause/unpause the filtered container.
--cidfile : Read container ID from the specified file and pause/unpause the container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
|\ \
| | |
| | | |
Implement kubernetes secret handling for podman play kube
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
add support for both creating a secret using yaml and mounting a secret as a volume given a yaml file.
Kubernetes secrets have a different structure than podman and therefore have to be handeled differently.
In this PR, I have introduced the basic usecases of kube secrets with more implementations like env secrets
to come!
resolves #12396
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
|\ \
| | |
| | | |
enable linter for pkg/machine/e2e
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The same problem again as 4374038cc67405e3f5555b1870d5bb7f6570fa5d.
Also fix the incorrect --format autocompletion struct.
It should be avoided to import cmd/podman/... packages from outside of
cmd/podman. This can lead in weird hard to debug import paths but also
can have negative consequences when imported in unit tests. In this case
it will set XDG_CONFIG_HOME and thus the machine tests this dir over the
tmp HOME env variable which is set at a later point. This caused machine
files to be leaked into the actual users home dir.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`podman-remote push` has shown absolutely no progress at all. Fix that
by doing essentially the same as the remote-pull code does.
The get-free-out-of-jail-card for backwards compatibility is to let the
`quiet` parameter default to true. Since the --quioet flag wasn't
working before either, older Podman clients do not set it.
Also add regression tests to make sure we won't regress again.
Fixes: #11554
Fixes: #14971
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\ \
| |/
|/| |
Update init ctr default for play kube
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update the init container type default to once instead
of always to match k8s behavior.
Add a new annotation that can be used to change the init
ctr type in the kube yaml.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
|/
|
|
|
|
|
|
|
|
| |
There is a possibility that podman does not output expected error message.
(e.g. When pause rootless cgroups v1 container on host)
This problem is solved by appending `report.Errs` to `reports` before `continue`.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
|
|
|
|
|
|
| |
Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in
getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy.
Signed-off-by: Karthik Elango <kelango@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The "podman kube play" command is designed to be a replacement for the
"podman play kube" command.
It performs the same function as "play kube" while also still working with the same flags and options.
The "podman play kube" command is still functional as an alias of "kube play".
Closes #12475
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
if podman is running in the root cgroup, it will create a new
subcgroup and move itself there.
[NO NEW TESTS NEEDED] it needs nested podman
Closes: https://github.com/containers/podman/issues/14884
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Add ports and hostname correctly in kube yaml
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If a pod is created without net sharing, allow adding
separate ports for each container to the kube yaml
and also set the pod level hostname correctly if the
uts namespace is not being shared.
Add a warning if the default namespace sharing options
have been modified by the user.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
|\ \
| | |
| | | |
Refactored networkPrune function
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Refactored the networkPrune function to improve readability.
This commit changes the `networkPrune` function to
use the `PrintNetworkPruneResults` function.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
|\ \ \
| | | |
| | | | |
podman wait can take multiple conditions
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Podman wait should not be defaulting to just stopped. By default
wait API waits for stopped and exited. We should not override this on
the client side.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
pkg: switch to golang native error wrapping
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It should be avoided to import cmd/podman/... packages from outside of
cmd/podman. This can lead in weird hard to debug import paths but also
can have negative consequences when imported in unit tests. In this case
it will set XDG_CONFIG_HOME and thus the machine tests this dir over the
tmp HOME env variable which is set at a later point. This caused machine
files to be leaked into the actual users home dir.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
Since conmon-rs also uses this code we moved it to c/common. Now podman
should has this also to prevent duplication.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\
| |
| | |
Fix podman pod unpause TODO
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update the podman pod unpause to only show the paused
containers with autocomplete.
Fix a typo in the help command.
Update the unpause function to only attempt an unpause
on pasued pods instead of all the pods.
Update the tests accordingly.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
|
|\
| |
| | |
libpod/runtime: switch to golang native error wrapping
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
|
|\ \
| |/
|/| |
podman volume create --opt=o=timeout...
|
| |
| |
| |
| |
| |
| |
| | |
add an option to configure the driver timeout when creating a volume.
The default is 5 seconds but this value is too small for some custom drivers.
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
ImagesBatchRemoval and ImageRemoval now honors and accepts
`LookupManifest` parameter which further tells libimage to resolve to
manifest list if it exists instead of actual image.
Following PR also makes `podman-remote manifest rm` functional which was
broken till now.
Closes: https://github.com/containers/podman/issues/14763
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \
| | |
| | | |
bindings: Add support for `Delete` for deleting manifest list from local storage.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bindings already support `Remove` which removes a manifest from the list
following function adds support for removing entire manifest for local
storage.
Similar functionality can be also used indirectly by using `Remove` defined in
image bindings
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \ \
| | | |
| | | | |
fix volume reporting in system df
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
currently, podman system df incorrectly calculates the reclaimable storage for
volumes, using a cumulative reclaimable variable that is incremented and placed into each
report entry causing values to rise above 100%.
Switch this variables to be in the context of the loop, so it resets per volume just like the size variable does.
resolves #13516
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add support for podman-remote image scp as well as direct access via the API. This entailed
a full rework of the layering of image scp functions as well as the usual API plugging and type creation
also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image
they are loading to the local/remote machine:
allow users to pass a "new name" for the image they are transferring
`podman tag` as implemented creates a new image im `image list` when tagging, so this does the same
meaning that when transferring images with tags, podman on the remote machine/user will load two images
ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host
implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify
`podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check
which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
|\ \ \
| | | |
| | | | |
pod: ps does not race with rm
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
the "pod ps" command first retrieves the list of all pods, then
iterates over the list to inspect each pod. This introduce a race
since a pod could be deleted in the meanwhile by another process.
Solve it by ignoring the define.ErrNoSuchPod error.
Closes: https://github.com/containers/podman/issues/14736
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
it is a preparatory change for the next commit.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
add podman volume reload to sync volume plugins
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Libpod requires that all volumes are stored in the libpod db. Because
volume plugins can be created outside of podman, it will not show all
available plugins. This podman volume reload command allows users to
sync the libpod db with their external volume plugins. All new volumes
from the plugin are also created in the libpod db and when a volume from
the db no longer exists it will be removed if possible.
There are some problems:
- naming conflicts, in this case we only use the first volume we found.
This is not deterministic.
- race conditions, we have no control over the volume plugins. It is
possible that the volumes changed while we run this command.
Fixes #14207
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|