path: root/pkg
Commit message (Author, Age)
* Add a unit test for trust.PolicyDescription (Miloslav Trmač, 2022-08-25)
    Add at least a basic unit test for the various entry types.
    So that we don't have to actually deal with GPG keys and /usr/bin/gpg*, parametrize the code with a gpgIDReader, and pass a fake one in the unit test.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Make the output of (podman image trust show) deterministic (Miloslav Trmač, 2022-08-25)
    Sort map keys instead of iterating in the Go-imposed random order.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Make most of pkg/trust package-private (Miloslav Trmač, 2022-08-25)
    We now have only a few entrypoints that are called externally, so make the rest private. This will make it more obvious that we are not breaking any external users.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription (Miloslav Trmač, 2022-08-25)
    This will allow us to write unit tests without setting up the complete Podman runtime (and without the Linux dependency).
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add support for sigstoreSigned in (podman image trust set) (Miloslav Trmač, 2022-08-25)
    NOTE: This does not edit the use-sigstore-attachments value in registries.d, similarly to how (podman image trust set) didn't set the lookaside paths for simple signing.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Create new policy entries together with validating input (Miloslav Trmač, 2022-08-25)
    That way, we don't have to switch over trustType twice.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Improve validation of data in ImageEngine.SetTrust (Miloslav Trmač, 2022-08-25)
    - Also reject public keys with types that don't use them
    - Reject unknown trust types
    - And add unit tests
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Move most of imageEngine.SetTrust to pkg/trust.AddPolicyEntries (Miloslav Trmač, 2022-08-25)
    This will allow us to write unit tests without setting up the complete Podman runtime (and without the Linux dependency).
    Also, actually add a basic smoke test of the core functionality.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add a variable for scope (Miloslav Trmač, 2022-08-25)
    Only process the incoming args[] (which is a single-element array for some reason) once, and use a semantic variable name for the value we care about.
    Should not change behavior, the only caller already supposedly ensures that len(args) == 1.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Make trust.CreateTempFile private (Miloslav Trmač, 2022-08-25)
    Nothing uses it outside the package.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Reorganize pkg/trust (Miloslav Trmač, 2022-08-25)
    Split the existing code into policy.go and registries.go, depending on which files it concerns.
    Only moves unchanged code, should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove an unused trust.ShowOutput type (Miloslav Trmač, 2022-08-25)
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove commented out code (Miloslav Trmač, 2022-08-25)
    We can always recover it from git, but it seems to serve no purpose anyway.
    Should not change behavior.
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Merge pull request #15437 from mheon/default_volume_timeout (OpenShift Merge Robot, 2022-08-24)
|\
    Add support for containers.conf volume timeouts
| * Add support for containers.conf volume timeouts (Matthew Heon, 2022-08-23)
    Also, do a general cleanup of all the timeout code. Changes include:
    - Convert from int to *uint where possible. Timeouts cannot be negative, hence the uint change; and a timeout of 0 is valid, so we need a new way to detect that the user set a timeout (hence, pointer).
    - Change name in the database to avoid conflicts between new data type and old one. This will cause timeouts set with 4.2.0 to be lost, but considering nobody is using the feature at present (and the lack of validation means we could have invalid, negative timeouts in the DB) this feels safe.
    - Ensure volume plugin timeouts can only be used with volumes created using a plugin. Timeouts on the local driver are nonsensical.
    - Remove the existing test, as it did not use a volume plugin. Write a new test that does.
    The actual plumbing of the containers.conf timeout in is one line in volume_api.go; the remainder are the above-described cleanups.
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #15443 from flouthoc/env-merge-support (OpenShift Merge Robot, 2022-08-24)
|\ \
    run,create: add support for `--env-merge` for preprocessing default environment variables
| * | run,create: add support for --env-merge for preprocessing vars (Aditya R, 2022-08-24)
    Allow end users to preprocess default environment variables before injecting them into container using `--env-merge`
    Usage
    ```
    podman run -it --rm --env-merge some=${some}-edit --env-merge some2=${some2}-edit2 myimage sh
    ```
    Closes: https://github.com/containers/podman/issues/15288
    Signed-off-by: Aditya R <arajan@redhat.com>
* | | Merge pull request #15351 from marshall-lee/images-pull-simple (OpenShift Merge Robot, 2022-08-24)
|\ \ \
| |/ /
|/| |
    Simplify ImagesPull for when Quiet flag is on
| * | Add ProgressWriter to PullOptions (Vladimir Kochnev, 2022-08-19)
    Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
| * | Use request Context() in API handlers (Vladimir Kochnev, 2022-08-18)
    Request object has its own context which must be used during a request lifetime instead of just context.Background()
    [NO NEW TESTS NEEDED]
    Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
| * | Simplify ImagesPull for when Quiet flag is on (Vladimir Kochnev, 2022-08-18)
    Refactor ImagesPull the same way the ImagesPush and ManifestPush are done.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
* | | Merge pull request #15372 from arixmkii/win_compat (OpenShift Merge Robot, 2022-08-23)
|\ \ \
| |_|/
|/| |
    Improved Windows compatibility
| * | Improved Windows compatibility (Arthur Sengileyev, 2022-08-23)
| |/
    Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
* | Merge pull request #15421 from sstosh/refactor-rawinput (OpenShift Merge Robot, 2022-08-23)
|\ \
    Refactor: About the RawInput process
| * | Refactor: About the RawInput process (Toshiki Sonoda, 2022-08-23)
| |/
    Refactor the RawInput process of the `rm` and `start` subcommands, like the other subcommands such as `restart, stop, etc`.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | Merge pull request #15415 from cdoern/clone (OpenShift Merge Robot, 2022-08-23)
|\ \
    pass environment variables to container clone
| * | pass environment variables to container clone (Charlie Doern, 2022-08-22)
| |/
    the env vars are held in the spec rather than the config, so they need to be mapped manually. They are also of a different format so special handling needed to be added. All env from the parent container will now be passed to the clone.
    resolves #15242
    Signed-off-by: Charlie Doern <cdoern@redhat.com>
* / Warning messages are printed and ignored if we use an unsupported option (Toshiki Sonoda, 2022-08-23)
|/
    When an unsupported limit on cgroups V1 rootless systems is requested, podman prints a warning message and ignores the option/flag.
    ```
    Target options/flags:
      --cpu-period, --cpu-quota, --cpu-rt-period, --cpu-rt-runtime, --cpus, --cpu-shares, --cpuset-cpus, --cpuset-mems, --memory, --memory-reservation, --memory-swap, --memory-swappiness, --blkio-weight, --device-read-bps, --device-write-bps, --device-read-iops, --device-write-iops, --blkio-weight-device
    ```
    Related to https://github.com/containers/podman/discussions/10152
    Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* Merge pull request #15368 from m0duspwnens/api_sort_hc_binds (OpenShift Merge Robot, 2022-08-17)
|\
    sort hc.Binds returned from compat api
| * sort hc.Binds returned from compat api (Josh Patterson, 2022-08-17)
    Signed-off-by: Josh Patterson <josh.patterson@securityonionsolutions.com>
* | Cirrus: add podman_machine_aarch64 (Lokesh Mandvekar, 2022-08-17)
    Run machine tests on every PR as label-driven machine test triggering is currently hard to predict and debug.
    Co-authored-by: Ed Santiago <santiago@redhat.com>
    Co-authored-by: Miloslav Trmač <mitr@redhat.com>
    Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Merge pull request #14999 from sstosh/restart-option (OpenShift Merge Robot, 2022-08-17)
|\ \
    Add restart --cidfile, --filter
| * | Add restart --cidfile, --filter (Toshiki Sonoda, 2022-08-12)
    --cidfile : Read container ID from the specified file and restart the container.
    --filter : restart the filtered container.
    Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | podman manifest create: accept --amend and --insecure flags (Nalin Dahyabhai, 2022-08-16)
| |/
|/|
    Accept a --amend flag in `podman manifest create`, and treat `--insecure` as we would `--tls-verify=false` in `podman manifest`'s "add", "create", and "push" subcommands.
    Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | Merge pull request #15270 from nicrowe00/kubegenerate (OpenShift Merge Robot, 2022-08-16)
|\ \
    Add "podman kube generate" command
| * | Add "podman kube generate" command (Niall Crowe, 2022-08-11)
    "podman kube generate" creates Kubernetes YAML from Podman containers, pods or volumes. Users will still be able to use "podman generate kube" as an alias of "kube generate".
    Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* | | Don't warn on '/' not being shared while in a container (Daniel J Walsh, 2022-08-15)
    Fixes: https://github.com/containers/podman/issues/15295
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | pkg/domain: Add stubs for non-linux builds (Doug Rabson, 2022-08-15)
    [NO NEW TESTS NEEDED]
    Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | pkg/specgen: Add stubs for non-linux builds (Doug Rabson, 2022-08-15)
    This introduces a local type rlimT which is used to convert runtime-spec POSIXRlimit to platform-specific Rlimit structures - on FreeBSD rlimit members are signed integers.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | pkg: Build pkg/machine on FreeBSD (Doug Rabson, 2022-08-13)
    Add missing symbols for freebsd and freebsd/amd64.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | pkg: Build pkg/util on FreeBSD (Doug Rabson, 2022-08-13)
| |/
|/|
    Remove freebsd from the unsupported list and add missing symbols.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Doug Rabson <dfr@rabson.org>
* | Merge pull request #15285 from YoitoFes/fix-15210 (OpenShift Merge Robot, 2022-08-11)
|\ \
    remote manifest push: show copy progress
| * | remote manifest push: show copy progress (Naoto Kobayashi, 2022-08-11)
    `podman-remote manifest push` has shown absolutely no progress at all. Fix that by doing the same as the remote-push code does.
    Like remote-push, `quiet` parameter is true by default for backwards compatibility.
    Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
* | | Merge pull request #15157 from cdoern/apiLog (OpenShift Merge Robot, 2022-08-11)
|\ \ \
| |_|/
|/| |
    fix LogConfig type for libpod API
| * | fix LogConfig type for libpod API (Charlie Doern, 2022-08-08)
    [NO NEW TESTS NEEDED]
    our native API was consuming the docker compat type for the API since the two have the exact same name. Fix this by renaming LogConfig to LogConfigLibpod
    resolves #15138
    Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | kube play: sd-notify integration (Valentin Rothberg, 2022-08-10)
    Integrate sd-notify policies into `kube play`. The policies can be configured for all containers via the `io.containers.sdnotify` annotation or for individual containers via the `io.containers.sdnotify/$name` annotation.
    The `kube play` process will wait for all containers to be ready by waiting for the individual `READY=1` messages which are received via the `pkg/systemd/notifyproxy` proxy mechanism.
    Also update the simple "container" sd-notify test as it did not fully test the expected behavior which became obvious when adding the new tests.
    Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | libpod: allow the notify socket to be passed programmatically (Valentin Rothberg, 2022-08-10)
    The notify socket can now either be specified via an environment variable or programmatically (where the env is ignored). The notify mode and the socket are now also displayed in `container inspect` which comes in handy for debugging and allows for proper testing.
    Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | add `pkg/systemd/notifyproxy` (Valentin Rothberg, 2022-08-10)
| |/
|/|
    Add a new package for proxying notify sockets and waiting for the READY=1 message to appear.
    May be subject to further changes in future commits. Tests make sure that it behaves properly.
    Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14926 from cdoern/generateSpec (OpenShift Merge Robot, 2022-08-10)
|\ \
    podman generate spec
| * | podman generate spec (Charlie Doern, 2022-08-04)
    implement a new command `podman generate spec` which can formulate a json specgen to be consumed by both the pod and container creation API.
    supported flags are
      --verbose (default true) print output to the terminal
      --compact print the json output in a single line format to be piped to the API
      --filename put the output in a file
      --clone rename the pod/ctr in the spec so it won't conflict w/ an existing entity
    Signed-off-by: Charlie Doern <cdoern@redhat.com>