aboutsummaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Move most of imageEngine.SetTrust to pkg/trust.AddPolicyEntriesMiloslav Trmač2022-08-25
| | | | | | | | | | | This will allow us to write unit tests without setting up the complete Podman runtime (and without the Linux dependency). Also, actually add a basic smoke test of the core functionality. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add a variable for scopeMiloslav Trmač2022-08-25
| | | | | | | | | | | Only process the incoming args[] (which is a single-element array for some reason) once, and use a semantic variable name for the value we care about. Should not change behavior, the only caller already supposedly ensures that len(args) == 1. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Make trust.CreateTempFile privateMiloslav Trmač2022-08-25
| | | | | | | | Nothing uses it outside the package. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Reorganize pkg/trustMiloslav Trmač2022-08-25
| | | | | | | | | Split the existing code into policy.go and registries.go, depending on which files it concerns. Only moves unchanged code, should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove an unused trust.ShowOutput typeMiloslav Trmač2022-08-25
| | | | | | Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove commented out codeMiloslav Trmač2022-08-25
| | | | | | | | | We can always recover it from git, but it seems to serve no purpose anyway. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Merge pull request #15437 from mheon/default_volume_timeoutOpenShift Merge Robot2022-08-24
|\ | | | | Add support for containers.conf volume timeouts
| * Add support for containers.conf volume timeoutsMatthew Heon2022-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, do a general cleanup of all the timeout code. Changes include: - Convert from int to *uint where possible. Timeouts cannot be negative, hence the uint change; and a timeout of 0 is valid, so we need a new way to detect that the user set a timeout (hence, pointer). - Change name in the database to avoid conflicts between new data type and old one. This will cause timeouts set with 4.2.0 to be lost, but considering nobody is using the feature at present (and the lack of validation means we could have invalid, negative timeouts in the DB) this feels safe. - Ensure volume plugin timeouts can only be used with volumes created using a plugin. Timeouts on the local driver are nonsensical. - Remove the existing test, as it did not use a volume plugin. Write a new test that does. The actual plumbing of the containers.conf timeout in is one line in volume_api.go; the remainder are the above-described cleanups. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #15443 from flouthoc/env-merge-supportOpenShift Merge Robot2022-08-24
|\ \ | | | | | | run,create: add support for `--env-merge` for preprocessing default environment variables
| * | run,create: add support for --env-merge for preprocessing varsAditya R2022-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow end users to preprocess default environment variables before injecting them into container using `--env-merge` Usage ``` podman run -it --rm --env-merge some=${some}-edit --env-merge some2=${some2}-edit2 myimage sh ``` Closes: https://github.com/containers/podman/issues/15288 Signed-off-by: Aditya R <arajan@redhat.com>
* | | Merge pull request #15351 from marshall-lee/images-pull-simpleOpenShift Merge Robot2022-08-24
|\ \ \ | |/ / |/| | Simplify ImagesPull for when Quiet flag is on
| * | Add ProgressWriter to PullOptionsVladimir Kochnev2022-08-19
| | | | | | | | | | | | Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
| * | Use request Context() in API handlersVladimir Kochnev2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | Request object has its own context which must be used during a request lifetime instead of just context.Background() [NO NEW TESTS NEEDED] Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
| * | Simplify ImagesPull for when Quiet flag is onVladimir Kochnev2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | Refactor ImagesPull the same way the ImagesPush and ManifestPush are done. [NO NEW TESTS NEEDED] Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
* | | Merge pull request #15372 from arixmkii/win_compatOpenShift Merge Robot2022-08-23
|\ \ \ | |_|/ |/| | Improved Windows compatibility
| * | Improved Windows compatibilityArthur Sengileyev2022-08-23
| |/ | | | | | | Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
* | Merge pull request #15421 from sstosh/refactor-rawinputOpenShift Merge Robot2022-08-23
|\ \ | | | | | | Refactor: About the RawInput process
| * | Refactor: About the RawInput processToshiki Sonoda2022-08-23
| |/ | | | | | | | | | | | | | | | | | | Refactor the RawInput process of the `rm` and `start` subcommands, like the other subcommands such as `restart, stop, etc`. [NO NEW TESTS NEEDED] Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | Merge pull request #15415 from cdoern/cloneOpenShift Merge Robot2022-08-23
|\ \ | | | | | | pass environment variables to container clone
| * | pass environment variables to container cloneCharlie Doern2022-08-22
| |/ | | | | | | | | | | | | | | the env vars are held in the spec rather than the config, so they need to be mapped manually. They are also of a different format so special handling needed to be added. All env from the parent container will now be passed to the clone. resolves #15242 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* / Warning messages are printed and ignored if we use an unsupported optionToshiki Sonoda2022-08-23
|/ | | | | | | | | | | | | | | | | | | When an unsupported limit on cgroups V1 rootless systems is requested, podman prints an warning message and ignores the option/flag. ``` Target options/flags: --cpu-period, --cpu-quota, --cpu-rt-period, --cpu-rt-runtime, --cpus, --cpu-shares, --cpuset-cpus, --cpuset-mems, --memory, --memory-reservation, --memory-swap, --memory-swappiness, --blkio-weight, --device-read-bps, --device-write-bps, --device-read-iops, --device-write-iops, --blkio-weight-device ``` Related to https://github.com/containers/podman/discussions/10152 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* Merge pull request #15368 from m0duspwnens/api_sort_hc_bindsOpenShift Merge Robot2022-08-17
|\ | | | | sort hc.Binds returned from compat api
| * sort hc.Binds returned from compat apiJosh Patterson2022-08-17
| | | | | | | | Signed-off-by: Josh Patterson <josh.patterson@securityonionsolutions.com>
* | Cirrus: add podman_machine_aarch64Lokesh Mandvekar2022-08-17
| | | | | | | | | | | | | | | | | | Run machine tests on every PR as label-driven machine test triggering is currently hard to predict and debug. Co-authored-by: Ed Santiago <santiago@redhat.com> Co-authored-by: Miloslav Trmač <mitr@redhat.com> Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Merge pull request #14999 from sstosh/restart-optionOpenShift Merge Robot2022-08-17
|\ \ | | | | | | Add restart --cidfile, --filter
| * | Add restart --cidfile, --filterToshiki Sonoda2022-08-12
| | | | | | | | | | | | | | | | | | | | | --cidfile : Read container ID from the specified file and restart the container. --filter : restart the filtered container. Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | podman manifest create: accept --amend and --insecure flagsNalin Dahyabhai2022-08-16
| |/ |/| | | | | | | | | | | | | Accept a --amend flag in `podman manifest create`, and treat `--insecure` as we would `--tls-verify=false` in `podman manifest`'s "add", "create", and "push" subcommands. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | Merge pull request #15270 from nicrowe00/kubegenerateOpenShift Merge Robot2022-08-16
|\ \ | | | | | | Add "podman kube generate" command
| * | Add "podman kube generate" commandNiall Crowe2022-08-11
| | | | | | | | | | | | | | | | | | | | | | | | "podman kube generate" creates Kubernetes YAML from Podman containers, pods or volumes. Users will still be able to use "podman generate kube" as an alias of "kube generate". Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* | | Don't warn on '/' not being shared while in a containerDaniel J Walsh2022-08-15
| | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/15295 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | pkg/domain: Add stubs for non-linux buildsDoug Rabson2022-08-15
| | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | pkg/specgen: Add stubs for non-linux buildsDoug Rabson2022-08-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This introduces a local type rlimT which is used to convert runtime-spec POSIXRlimit to platform-specific Rlimit structures - on FreeBSD rlimit members are signed integers. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | pkg: Build pkg/machine on FreeBSDDoug Rabson2022-08-13
| | | | | | | | | | | | | | | | | | | | | | | | Add missing symbols for freebsd and freebsd/amd64. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | pkg: Build pkg/util on FreeBSDDoug Rabson2022-08-13
| |/ |/| | | | | | | | | | | | | Remove freebsd from the unsupported list and add missing symbols. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | Merge pull request #15285 from YoitoFes/fix-15210OpenShift Merge Robot2022-08-11
|\ \ | | | | | | remote manifest push: show copy progress
| * | remote manifest push: show copy progressNaoto Kobayashi2022-08-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `podman-remote manifest push` has shown absolutely no progress at all. Fix that by doing the same as the remote-push code does. Like remote-push, `quiet` parameter is true by default for backwards compatibility. Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
* | | Merge pull request #15157 from cdoern/apiLogOpenShift Merge Robot2022-08-11
|\ \ \ | |_|/ |/| | fix LogConfig type for libpod API
| * | fix LogConfig type for libpod APICharlie Doern2022-08-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] our native API was consuming the docker compat type for the API since the two have the exact same name. Fix this by renaming LogConfig to LogConfigLibpod resolves #15138 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | kube play: sd-notify integrationValentin Rothberg2022-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Integrate sd-notify policies into `kube play`. The policies can be configured for all contianers via the `io.containers.sdnotify` annotation or for indidivual containers via the `io.containers.sdnotify/$name` annotation. The `kube play` process will wait for all containers to be ready by waiting for the individual `READY=1` messages which are received via the `pkg/systemd/notifyproxy` proxy mechanism. Also update the simple "container" sd-notify test as it did not fully test the expected behavior which became obvious when adding the new tests. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | libpod: allow the notify socket to be passed programaticallyValentin Rothberg2022-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | The notify socket can now either be specified via an environment variable or programatically (where the env is ignored). The notify mode and the socket are now also displayed in `container inspect` which comes in handy for debugging and allows for propper testing. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | add `pkg/systemd/notifyproxy`Valentin Rothberg2022-08-10
| |/ |/| | | | | | | | | | | | | | | | | Add a new package for proxying notify sockets and waiting for the READY=1 message to appear. May subject to further changes in future commits. Tests make sure that it behaves properly. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14926 from cdoern/generateSpecOpenShift Merge Robot2022-08-10
|\ \ | | | | | | podman generate spec
| * | podman generate specCharlie Doern2022-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | implement a new command `podman generate spec` which can formulate a json specgen to be consumed by both the pod and container creation API. supported flags are --verbose (default true) print output to the terminal --compact print the json output in a single line format to be piped to the API --filename put the output in a file --clone rename the pod/ctr in the spec so it won't conflict w/ an existing entity Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | Merge pull request #15094 from cdoern/sshOpenShift Merge Robot2022-08-10
|\ \ \ | | | | | | | | podman ssh work, using new c/common interface
| * | | podman ssh work, using new c/common interfaceCharlie Doern2022-08-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | implement new ssh interface into podman this completely redesigns the entire functionality of podman image scp, podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh have been moved to common as have native ssh/scp execs and the new usage of the sftp package. this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default. Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not yo use this in production. The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used. podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls. My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp. Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | Merge pull request #15244 from baude/machinememorytestsOpenShift Merge Robot2022-08-10
|\ \ \ \ | | | | | | | | | | check memory test based on range
| * | | | check memory test based on rangeBrent Baude2022-08-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when verifying that the memory was set correctly for a podman machine instance, we check if the number is between a range because based on architecture, operating system, and memory itself this number can differ significantly. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #15199 from baude/addapplehvOpenShift Merge Robot2022-08-09
|\ \ \ \ \ | | | | | | | | | | | | Add interface for apple hypervisor
| * | | | | Add interface for apple hypervisorBrent Baude2022-08-08
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The new apple silicon processesors (m1/m2) are capable of using a performent apple hypervisor (included in macos). Our "virtual providers" for podman machine are part of an interface design. This PR provides an implementation of the interface to begin the work for supporting the apple hypervisor. It is basically only a skeletal PR. The actual code for using the hypervisor and launching a machine will come as several new PRs following the inclusion of this one. There will likely be code reuse between the applehv and qemu code; but none of that code is being moved at this time. It will be moved "on demand" during development. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #15230 from YoitoFes/Issue-15211OpenShift Merge Robot2022-08-09
|\ \ \ \ \ | |_|/ / / |/| | | | pkg/bindings: Support writing image push progress to specified io.Writer